FragAttacks: New Vulnerabilities Expose All Devices With Wi-Fi to Attacks
2021-05-12 10:59

A researcher this week disclosed the details of a dozen design and implementation flaws that could affect all devices with Wi-Fi capabilities, exposing their users to remote attacks. FragAttacks can be leveraged by an attacker who is within range of the targeted Wi-Fi connection to hack devices and steal sensitive user information.

Phishers using Zix to “legitimize” emails in the eyes of Office 365 users
2021-05-12 10:30

Abnormal Security removed the blog post after receiving legal notice from Zix. Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

May 2021 Patch Tuesday: Adobe fixes exploited Reader 0-day, Microsoft patches 55 holes
2021-05-12 08:40

Adobe has fixed a Reader flaw exploited in attacks in the wild, as well as delivered security updates for eleven other products, including Magento, Adobe InDesign, Adobe After Effects, Adobe Creative Cloud Desktop Application, and others. Microsoft has plugged 55 security holes, none actively exploited.

Germany Halts Facebook Sharing WhatsApp Data
2021-05-12 08:31

A German regulator on Tuesday slapped a three-month ban on Facebook collecting user data from WhatsApp accounts and referred the case to an EU watchdog, citing concerns about election integrity. The head of the German regulator, Johannes Caspar, said past Facebook data protection breaches as well as Germany's general election in September showed the "dangers" of "mass building of user profiles" that could be exploited.

Blessed are the cryptographers, labelling them criminal enablers is just foolish
2021-05-12 07:31

I'd gotten the crazy idea to write a tool that would encrypt Twitter's direct messages - sent in the clear - so that your private communications would truly be private, visible to no one, including Twitter. What if someone had used my software, thinking it gave them the assurance of privacy, only to learn - to their peril - that my understanding fell short of providing any security?

Absolute acquires NetMotion to accelerate endpoint resilience for customers
2021-05-12 07:14

Absolute is an endpoint-centric security company and is a leader in endpoint resilience solutions. With the addition of NetMotion, Absolute will offer a next generation solution that combines endpoint resilience and network continuity, delivering secure access while enhancing both the security posture of the organization and the end-user experience.

What the pipeline attack means for critical infrastructures
2021-05-12 06:20

The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline - the largest such pipeline in the USA. The attack has been attributed to the DarkSide ransomware group. Even without evidence that the attack has migrated into ops, the organization might shut everything down in an abundance of caution, like they did in the Norsk Hydro attack in 2019.

U.S. Intelligence Agencies Warn About 5G Network Weaknesses
2021-05-12 06:15

Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was published on Monday by the U.S. National Security Agency, in partnership with the Office of the Director of National Intelligence and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

Navigating the waters of maritime cybersecurity
2021-05-12 05:30

Around the same time, the U.S. government released a first-of-its-kind National Maritime Cyber Security Plan, accompanying recent maritime cybersecurity directives from the U.S. Coast Guard. On June 16th 2017, the Maritime Safety Committee of the United Nations' International Maritime Organization adopted a brief but significant resolution, MSC.428(98), "to raise awareness on cyber risk threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks".

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
2021-05-12 05:19

China's Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to "rectify" their code. The Commission has posted two lists of apps it says need fixing, fast.