
How to enable secure DNS on your Chromebook
2021-05-10 13:43

You've probably connected that laptop to coffee shop networks, where there's either no password, an easy password or zero guarantees of the level of security applied to the Wi-Fi. What do you do? One thing you most certainly should do is configure both Chrome OS and Chrome to use secure DNS. By doing this, all of your DNS queries are encrypted, so you don't have to worry so much that some ne'er-do-well is listening in on the packets you send out. The first thing we'll do is enable Secure DNS in Chrome, which uses DNS-over-HTTPS to encrypt all DNS traffic.

US declares state of emergency after ransomware hits largest pipeline
2021-05-10 13:37

After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration issued a regional emergency declaration affecting 17 states and the District of Columbia. "Direct assistance terminates when a driver or commercial motor vehicle is used in interstate commerce to transport cargo or provide services not in support of emergency relief efforts related to the shortages of gasoline, diesel, jet fuel, and other refined petroleum products due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system in the Affected States, or when the motor carrier dispatches a driver or commercial motor vehicle to another location to begin operations in commerce" - the FMCSA [PDF].

NatWest Bank scheduled payments bug may have cost you money
2021-05-10 12:13

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates the debits should stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

NatWest Bank notifies customers of scheduled payments blunder
2021-05-10 12:13

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates the debits should stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

NatWest Bank alerts customers of standing order blunder
2021-05-10 12:13

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates the debits should stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

Money makes the world go round: Mobile wallets and the future of commerce
2021-05-10 12:00

Diving into a cashless future of transactions via digital wallets that keep consumers safe and reduce paper and waste. Mobile wallets "store consumers' data in one place, encrypted with one master root key," said Will Graylin, the man behind Samsung Pay and founder of the mobile wallet OV Valet.

WhatsApp Delays Enforcing New Privacy Terms
2021-05-10 11:51

Facebook-owned messaging colossus WhatsApp on Friday retreated again from its plan to force users to accept new terms which critics said could expand data collection from its two billion users around the world. WhatsApp, which was set to enforce its new data-sharing policy on May 15 - following a delay in response to a user outcry - revealed on its website that it would not immediately cut off users who don't accept the new terms, although it would send reminders to those who don't opt in.

Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty
2021-05-10 11:32

The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program. The bug bounty system had only been aimed at websites but now Kristopher Johnson, director of its Vulnerability Disclosure Program, has said "Websites were only the beginning as they account for a fraction of our overall attack surface" and urged the infosec community to take a wider view.

Newly Declassified NSA Document on Cryptography in the 1970s
2021-05-10 11:21

From the dates and the title, the George Davida patent application which NSA unsuccessfully tried to block would have been US4202051A, for a key stream generator based on a LFSR combined with a non-linear feedback circuit. "In April 1978 a patent application made by Carl Nicolai for a speech scrambling device was evaluated by the NSA using Inman's new criteria. Once again, there was disagreement between NSA directorates. Neither Research and Engineering nor COMSEC believed that Nicolai's invention should be classified. Howard Rosenblum, DDC, noted that Nicolai employed 'a sophisticated use of well-known, open-source techniques' of spread spectrum technology and that 'so many unclassified spread spectrum systems are already in the public domain that it is too late to try to close the door by imposing secrecy orders based solely on the fact that the system uses spread spectrum techniques.'"

City of Chicago Hit by Data Breach at Law Firm Jones Day
2021-05-10 11:06

The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion's FTA file sharing service. On Friday, the city of Chicago revealed that some employee emails that were given to Jones Day "as part of an independent inquiry being conducted by the firm" were compromised in the incident.