Security News > 2021 > September

The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. MSPs and their clients falling behind as remote workforce evolves.

Australia, the United States of America, and the United Kingdom have signed a new defence and technology-sharing pact. Dubbed AUKUS, the headline item of the pact is assistance from the UK and US to help Australia build nuclear-powered submarines that are interoperable with their own fleets.

Employers must act now to ensure staff have the modern skills to stay productive during hybrid working, says Questionmark. Hybrid working, with staff splitting their week between home and the office, looks set to form the future of work.

Creating a cybersecurity plan is the first step in starting secure and staying secure. Don't wait until there is a problem to start thinking about a cybersecurity plan.

Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," said Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity.

The U.S. government has entered a Deferred Prosecution Agreement with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. "These services included the provision of support, direction and supervision in the creation of sophisticated"Zero-click" computer hacking and intelligence gathering systems - i.e., one that could compromise a device without any action by the target" - the U.S. Department of Justice.

The U.S. Department of Justice on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. "The defendants worked as senior managers at a United Arab Emirates-based company that supported and carried out computer network exploitation operations for the benefit of the U.A.E. government," the DoJ said in a statement.

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, used by multiple Azure services, including Open Management Suite, Azure Insights, Azure Automation.

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online.

Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks.