
How Does DMARC Prevent Phishing?
2021-09-27 04:21

DMARC is a global standard for email authentication. Recipients can detect phishing emails sent from a spoofed company domain by examining the email header information, such as the "From:" address and "Return-path" address, and verifying that they match.

Consumers will abandon a brand that can’t balance convenience and privacy
2021-09-27 04:00

With experiences increasingly online, consumers are less tolerant of frustration and will abandon a brand if they aren't able to balance convenience and privacy, according to a survey from Ping Identity. "With more options than ever before, businesses now need to integrate their security, privacy and user experience strategies to keep up with modern consumer expectations," said Richard Bird, chief customer information officer, Ping Identity.

A multi-party data breach creates 26x the financial damage of single-party breach
2021-09-27 03:30

Cyentia Institute and RiskRecon released research that quantifies how a multi-party data breach impacts many organizations in today's interconnected digital world. The impact of multi-party data breach events: 897 multi-party data breach incidents, also referred to as ripple events, have been observed since 2008.

APAC 5G revenue to reach $13.9 billion in 2025
2021-09-27 03:00

The APAC revenue from 5G is expected to grow from $2.13 billion in 2020 to $13.9 billion in 2025, at a CAGR of 45.5% from 2020 to 2025, according to ResearchAndMarkets. By 2025, the manufacturing industry will contribute 84% of 5G enterprise revenue and Australia will be among the top countries in the enterprise segment.

SaaS security is becoming a primary concern for businesses
2021-09-27 02:30

These are categorized into four according to their type of security issues, namely virtualization level, application level, network level, and physical level security issues. One security firm released a report in February this year, revealing that 91 percent of companies experienced API security problems while over 80 percent were uncertain if their APIs were compromised.

'Quad' group seeks to set security standards for global tech industry
2021-09-27 02:21

The Quad group of nations - the USA, India, Australia, and Japan - has announced several joint initiatives to share technology and spur its development, among them a plan to set new global security standards for the technology industry. The four nations' leaders met late last week and announced a set of initiatives, among them development of shared "Quad Principles on Technology Design, Development, Governance, and Use".

A New Jupyter Malware Version is Being Distributed via MSI Installers
2021-09-26 23:26

The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors continue to develop their attacks to become more efficient and evasive." The Israeli company said it's currently investigating the scale and scope of the attacks. First documented in November 2020, Jupyter is likely Russian in origin and primarily targets Chromium, Firefox, and Chrome browser data, with additional capabilities that allow for full backdoor functionality, including features to siphon information and upload the details to a remote server and download and execute further payloads.

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
2021-09-26 21:39

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above.

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
2021-09-26 21:38

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw that resides in the kernel component XNU developed by Apple that could cause a malicious application to execute arbitrary code with the highest privileges.

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
2021-09-26 21:38

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document."