Security News > 2021 > June

The new UK Cyber Security Council has instigated its first two initiatives, under its mandate from the Government to develop the cyber security profession. The Council has invited the 16 members of the Cyber Security Alliance - the group of organisations commissioned by DCMS to set up the Council - to apply for a role in determining the terms of reference for two significant, new committees: a Professional Standards & Ethics Committee and a Qualifications & Careers Committee.

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. A report by Censys CTO Derek Abdine revealed that the latest firmware for My Book Live devices contained a zero-day vulnerability that allowed a remote attacker to perform factory resets on Internet-connected devices.

Samsung today committed to provide its enterprise-edition flagships with half a decade's worth of security updates. The eligible devices include the enterprise versions of the Galaxy S20 series, the Galaxy S21 series, the Galaxy Note 20 series, the ruggedised Galaxy XCover 5, and the Galaxy Tab Active 3.

Organizations are facing yet another unprecedented threat to their cybersecurity now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. More than 20 percent of those surveyed hadn't even heard of the Colonial Pipeline attack and 45 percent had no awareness about the attempt to breach systems to poison Florida's water supply.

A year later, in 2014, Intel was forced to turn TSX off in Haswell and selected Broadwell chips after an erratum was disclosed allowing for "Unpredictable system behaviour" - exactly the opposite of what you want in your database-centric server system. It would now appear that Intel plans to throw in the towel, as brought to our attention in a scan of the latest changes to the Linux kernel by Phoronix: Intel has released a microcode update which disables TSX on processors ranging from the Broadwell successor Skylake through to Coffee Lake parts released starting in 2017.

Analyzing the illegitimate use of Cobalt Strike, Proofpoint said it found that the tool is increasingly being used by attackers as an initial access payload, meaning it's enlisted to deploy the initial malicious payload onto victimized machines. This is a change from past instances when Cobalt Strike was used more as a second-stage tool that played a role once the targeted systems had already been accessed.

More than 3.5 million people worldwide are needed to play defense against cyberattacks. TechRepublic's Karen Roby spoke with Tom Kellerman, head of cybersecurity strategy for VMware, about ransomware and cybersecurity.

Expert says attacks are getting bigger and more aggressive than before. Instead of being like a burglary, they're more like a home invasion.

Microsoft has added a privacy feature to Windows 11 called DNS-over-HTTPS, allowing users to perform encrypted DNS lookups to bypass censorship and Internet activity. DNS-over-HTTPS allows your computer to perform these DNS lookups over an encrypted HTTPS connection rather than through normal plain text DNS lookups, which ISPs and governments can snoop on.

Russian state hackers compromised Denmark's central bank and planted malware that gave them access to the network for more than half a year without being detected. The compromise came to light after technology publication Version2 obtained official documents from the Danish central bank through a freedom of information request.