Security News > 2021 > August

For a more secure experience, use DNS-over-HTTPS on your Chromebook. Jack Wallen shows you how.

A vulnerability in the GitHub Actions workflow for PyPI's source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher. The workflow did not verify the pull request author, anyone could create a pull request with a specific name and have the workflow to process it.

Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. Last month, security researcher GILLES Lionel disclosed a new method called PetitPotam that forces a Windows machine, including a Windows domain controller, to authenticate against a threat actor's malicious NTLM relay server using the Microsoft Encrypting File System Remote Protocol.

Nozomi Networks, a provider of operational technology and internet of things cybersecurity solutions, said Monday that it has raised $100 million in a Series D pre-IPO-funding round. Led by Triangle Peak Partners, the funding round also had participation from notable firms including Honeywell Ventures, CIA-linked In-Q-Tel, Keysight Technologies, Porsche Ventures Dubai Electricity, Telefónica Ventures, and others.

You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.

All the malicious emails were sent via the Constant Contact mailing service using the compromised account of the United States Agency for International Development. "Analysis of the email headers revealed that the messages originated from Mailgun servers and passed email authentication for chipotle[.]com," says Inky.

A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service. Brighton-based Yes Consumer Solutions Ltd failed to check its marketing list against the TPS, and as such made 188,493 unsolicited direct marketing calls between October 2018 to October 2019.

Cybersecurity services firm BlueVoyant announced buying Marclay Associates, a UK-based cybersecurity consultancy that specializes in incident response and cyber investigation services. Exclusive Networks, a France-based company that provides cybersecurity solutions from various vendors, acquired Ignition Technology, a UK-based distributor of security-as-a-service solutions.

Leading a team is kind of like when a burglar alarm goes off and "You're the police," says the head of cybersecurity at ExpressVPN. Aaron Engel was born in Seabrook, Texas, a Houston suburb with about 10,000 people, in 1984. Now the head of cybersecurity at ExpressVPN, where he leads a team of cybersecurity engineers, Engel can trace his interest in the field back to that point.

A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry, since early 2020.