Security News > 2021 > May

Alexandra Elbakyan, the creator of controversial research trove Sci-Hub, has claimed that Apple informed her it has handed over information about her account to the FBI. Elbakyan made the allegation in a week-old tweet that went unremarked-upon for longer than you'd imagine, given that Apple and the FBI have a history of conflict over whether the bureau should be allowed to peer into Apple customers' devices. At first I thought it was a spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple pic.

Singapore has made its Bluetooth-powered "TraceTogether" contact-tracing app its preferred means of recording movements in public spaces across the island. The nation's effort, "TraceTogether" used Bluetooth to detect the proximity of other users, recorded such interactions and allowed contact with users in the event they had come into contact with a COVID-carrier.

IT decision-makers often find themselves stuck between a rock and a hard place when it comes to dealing with ransomware attacks. If you're not looking to add your company's name to the list of failed negotiations, keep reading to find out some do's and don'ts of planning for ransomware incidents.

Organizations considering eSignature solutions need to be thoughtful about the eSignature technology they implement and think about a range of requirements such as technology infrastructure, scale, security, choice, and licensing models. To select a suitable eSignature solution for your business, you need to think about a variety of factors.

While it's true that threat hunting, incident response, and threat research all have their foundations in science, throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat researchers are far more artist than scientist. When you write reports about your threat research that will be released publicly, do not simply annotate the threat you documented.

Just because passwords aren't going anywhere anytime soon doesn't mean that organizations don't need to modernize their approach to password hygiene right now. As Microsoft's security team put it, "All it takes is one compromised credentialto cause a data breach." Coupled with the rampant problem of password reuse, compromised passwords can have a significant and long-lasting impact on enterprise security.

The Verizon report examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year's report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.

Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey scripting language to deliver multiple remote access trojans such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. "The RAT delivery campaign starts from an AutoHotKey compiled script," the researchers noted.

Reflecting the overwhelming amount of configurations practitioners must address, even when companies are aware of errors, most have not addressed the bulk of these issues in a timely manner. "When you consider that a single cloud misconfiguration can expose organizations to severe cyber risk, such as data breaches, resource hijacking and denial of service attacks, the consequences of failing to address misconfiguration issues are all too real to ignore," said Assaf Morag, Lead Data Analyst with Aqua's Team Nautilus.

In this complicated and fast-evolving setting, how prepared is the intelligence community to identify, assess, and mitigate possible threats before they become realities? To predict specific future violence, a protective intelligence investigation must determine: "Whether an individual has the motive and means to develop or act on an opportunity to attack a protected person. A primary task of the investigator is to gather information, some of which may later be used as evidence, that can be used to determine whether the individual poses a threat to a protected person." - U.S. Department of Justice.