
CISA Adds Single-Factor Authentication to the List of Bad Practices
2021-08-31 23:27

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and private sector entities to devastating cyberattacks. With the latest development, the list of bad practices now encompasses -.

Microsoft 365 Usage Analytics now anonymizes user info by default
2021-08-31 21:42

Microsoft announced today that it will start anonymizing user-level info by default in Microsoft 365 Usage Analytics beginning September 1, 2021. "At Microsoft, we're committed to both data-driven insights and user privacy," said James Bell, Senior Product Marketing Manager for Microsoft 365 Product Marketing & Growth Strategy.

Fortress Home Security Open to Remote Disarmament
2021-08-31 20:35

A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry. The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and accessories, connecting them via Wi-Fi to create a personalized security system.

Cream Finance DeFi Platform Rooked For $29M
2021-08-31 20:33

Cream Finance is the latest decentralized finance platform for cryptocurrency trading to take a major financial hit at the hands of hackers, losing nearly $19 million in an attack this week on its "Flash loan" feature. The attacker was able to steal nearly $29 million before being discovered, 418,311,571 in Amp Coin and 1,308.09 in Ethereum cryptocurrency, Cream Finance confirmed.

Proxyware Services Open Orgs to Abuse – Report
2021-08-31 20:12

Proxyware services are attractive to businesses that use them for internet-related traffic research, such as search engine optimization. For consumers, Cisco points out, proxyware services are "advertised as a means to circumvent geolocation checks on streaming or gaming platforms," while at the same time allowing consumers to generate income for the use of their bandwidth.

Don't forget to evaluate soft skills when hiring for cybersecurity positions
2021-08-31 20:08

Soft skills are just as important as, if not more important than, technical skills for cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.

US officials, experts fear China ransacked Exchange servers for data to train AI systems
2021-08-31 19:23

The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.

Skimming the CREAM – recursive withdrawals loot $13M in cryptocash
2021-08-31 18:57

Apparently, the company has rushed out a brand new security system for its cryptocurrency storage, and is now telling customers to "Rest assured, [] our state-of-the-art technology ensures assets remain secure at all times. [] Your assets are safe with us and will always be." Imagine if you have smart contract code that allows the other party to check that they have at least $X in their account; then to call smart contract code from their side of the deal to process $X; then to deduct that $X from their account.

Identity is replacing the password: What software developers and IT pros need to know
2021-08-31 18:52

Identity and access management is pushing application security past single-factor authentication and even multi-factor authentication to a risk management model, says Ping Identity CEO. Identity and access management systems are making it easier for software developers to secure their applications, for employees and customers to access the tools and services they need, and for companies to protect their systems and data. On a recent episode of Dynamic Developer, I spoke with Andre Durand, Founder and CEO of Ping Identity, about how the changing landscape of identity and access management is affecting software development.

Microsoft announces Visual Studio Code for the Web public preview
2021-08-31 18:38

Microsoft has announced the public preview launch of Visual Studio Code for the Web, a browser-based version of its free and cross-platform VS Code integrated development environment. "Announcing the preview of Visual Studio Code for the Web, a new web-based code editor that runs entirely in your browser and without backing compute," the company announced today.