Security News > 2021 > May

The boffins' research paper, "Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds," is scheduled to be presented at PETS, the Privacy Enhancing Technologies Symposium, in July, even though it will be four years later than the initial project [PDF]. Written by Naval Academy researchers Ellis Fenske, Dane Brown, Jeremy Martin, Travis Mayberry, Peter Ryan, and Erik Rye, the paper describes the analysis of 160 mobile phones and the extent to which these devices employ MAC address randomization to mitigate tracking vulnerabilities.

Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My" Bluetooth broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My broadcasts to nearby Apple devices that then upload the data for you," Positive Security researcher Fabian Bräunlein said in a technical write-up disclosed last week.

As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables from Codecov customers' CI/CD environments.

Vulnerability management in OT continues to be one of the biggest challenges in securing industrial control systems. OT systems, which encompass the ICS, are computer-based control systems that automate and provide safety protection for personnel and equipment in the industrial, commercial buildings, avionics and other IoT-intensive industries.

When attacking the healthcare industry, hackers are going beyond focusing on data exfiltration or leaking patient records. The focus is to totally disrupt health systems operations with ransomware that locks up electronic health records and the IT infrastructure.

After a decade or so of ransomware attacks against sometimes very prominent targets, the recent Colonial Pipeline ransomware attack by the Darkside gang has been the proverbial straw that broke the camel's back, as the attack was followed by a temporary shut down of the pipeline, which then led to widespread fuel shortages in the Southeast United States and the government issuing a state of emergency for 18 states. According to Intel 471 researchers, other ransomware gangs reacted with changes to their RaaS programs.

With an overwhelming majority of software engineers expressing a preference for remote work, it's no wonder that more employers are making commitments to expand their remote workforces. Some employers jumping into remote hiring aren't aware of the challenges in auditioning their software engineers remotely.

Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. "Over the last few years, the ransomware threat has become increasingly dangerous, with new methods like double-extortion and DDoS attacks making it easy for cybercriminals to sabotage organizations and do long-term damage to their reputation," said Deepen Desai, CISO and VP of Security Research at Zscaler.

Leaders in the InfoSec field face a strange dilemma. The program, known as the vCISO Free Clinic, will let security professionals book a one-on-one meeting with Roberts, completely free of charge.

Enterprise leaders who previously viewed cybersecurity as part of traditional infrastructure have shifted to rapidly invest in integrated, cloud-based approaches, with ripple effects on innovation, distributed workforce security and competitive advantages, Forcepoint and WSJ Intelligence revealed. Leaders now see cybersecurity as the key to business advantage with 45% stating they have greatly accelerated digital transformation as a result of the pandemic, 48% reporting cybersecurity's bigger role in enabling innovation and 41% agreeing that it delivers a competitive edge.