Security News > 2021 > July

Google's Open Source security team, in collaboration with the Open Source Security Foundation community, today announced an update to the Scorecards project to include more security checks. An automated security tool, the Scorecards project provides risk scores for open source projects, to help users, developers, and enterprises stay informed on the security risks associated with their dependencies, as well as to make informed decisions about them.

The Babuk ransomware gang's source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. Two months later, the Babuk builder used to create the ransomware's unique payloads and decryption modules has been made public, researchers said.

Action1 announced that its innovative RMM system enabled South Bound Brook School District to dramatically improve security by streamlining remote IT management and support, while achieving significant cost savings. South Bound Brook School District is a public school district in New Jersey that serves 450 students.

Many data leaks are the result of data exfiltration or the illegal transfer of data from a device containing sensitive information to unauthorized parties. Also known as data exportation, data extrusion or simply data theft, data exfiltration is one of the final stages of the cyber kill-chain and the most important objective of advanced persistent threats.

Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users' web traffic from eavesdropping by upgrading all connections to HTTPS. This new feature is now being tested in the Chrome 93 Canary preview releases for Mac, Windows, Linux, Chrome OS, and Android. Google has previously updated Chrome to default to HTTPS for all URLs typed in the address bar if the user specifies no protocol.

Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication to secure their accounts. "Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can't be used to access your account," Twitter explains.

The latest data scrape was discovered this week when threat actors posted the personal data contained in 700 million LinkedIn user profiles in the RaidForums underground market. This latest data scrape follows an April operation which exposed 500 million LinkedIn users.

Twitter now lets users use security keys as the only two-factor authentication method while having all other login methods disabled, as the social network announced three months ago, in March. 2FA is an additional security layer for Twitter accounts requiring users to use a security key or enter a code together with their passwords to log into their accounts.

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were researching device fingerprinting, Jonathan Bar Or of the Microsoft 365 Defender research team said in a blog post published Wednesday.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool, namely the Ransomware Readiness Assessment. A Department of Homeland Security product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system networks.