Security News > 2021 > September

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic an Asia-Pacific telecommunications carrier and Internet service provider with operations in Singapore, New Zealand, and Australia.

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's current number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs* mapped to Broken Access Control had more occurrences in applications than any other category."

As working from home moves from a temporary solution to the new normal, companies need new ways to secure data and protect internal networks. Some banking customers are using the security check within an app to verify banking transactions, such as wire transfers of large amounts of money.

Technical details tied to a record-breaking distributed-denial-of-service attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.

A new Android banking trojan named SOVA is under active development, researchers said, and it has big dreams even in its infancy stage. "Regarding the development, SOVA also stands out for being fully developed in Kotlin, a coding language supported by Android and thought by many to be the future of Android development," according to ThreatFabric.

On Wednesday, Verizon released the results from a new survey, detailing sentiment among business leaders about the economic impacts of COVID-19, labor shortages, network security in the age of remote work and more. In August 2021, 90% of business owners and decision-makers said they were very or somewhat concerned about the impact of COVID-19 on small U.S. businesses, a 2% decrease from August 2020, per Verizon.

With so many people still working from home, cybercriminals are trying to cash in. Here are five recommendations for securing your home office.

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN's network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. "We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021," Dujarric said, according to the report.

Apple also has the beta available for the next version of macOS. But let's start by focusing on a new Office vulnerability before next week's Patch Tuesday. September 2021 Patch Tuesday forecast I expect a limited number of CVEs addressed this month across all the operating systems as Microsoft comes back from final summer vacation.