Security News > 2021 > May

Biden's Executive Order to improve the nation's cybersecurity is a good first step, but it is unlikely to materially change the defensive posture of the nation. In response to recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline ransomware attack, President Biden on May 12, 2021 signed an Executive Order to improve the nation's cybersecurity and protect federal government networks.

Microsoft has added another 9 to its availability guarantee for Azure Key Vault, taking the service to 99.99 per cent availability. The previous level had been backed by a 99.9 per cent Service Level Agreement and the company claimed that extra 9 represented it "Taking the next step in our commitment to the resilience and availability" of the service.

CIS Controls v8 officially defines IG1 as basic cyber hygiene and represents an emerging minimum standard of information security for all enterprises. CIS Controls Self Assessment Tool - a way for enterprises to conduct, track, and assess their implementation of the CIS Controls over time, and measure implementation against industry peers; CIS CSAT hosted is free for use in a non-commercial capacity.

Australia's Federal Police is getting more help from some very good boys with four paws, wagging tails, and the ability to sniff out tech equipment with their highly sensitive noses. The dogs can sniff out things like USB sticks or SIM cards, a task difficult for humans seeing as the devices are small and easily hidden.

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. In March 2021, a new group ransomware group emerged called 'Astro Locker' that began using a customized version of the MountLocker ransomware with ransom notes pointing to their own payment and data leak sites.

Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. "This fundamental redesign of Firefox's Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop," Mozilla said in a statement.

Amazon Web Services announced AWS App Runner, a fully managed container application service that makes it easier and faster for customers to build, deploy, and run containerized web applications and APIs with just a few clicks. Customers simply provide their source code, container image, or deployment pipeline and AWS App Runner builds and deploys the web application or API, load balances network traffic, scales capacity up or down based on demand, monitors application health, and encrypts traffic by default.

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

Endpoint management is hard, it's boring, it's time-consuming - but it's nevertheless extremely important to a robust security strategy. Of note, the latest peer-to-peer solutions can check the configuration of local or remote endpoints, diagnose problems, and/or remediate any issues found.