Security News > 2021 > September

Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. The growing sophistication of call spoofing tactics.

In this interview with Help Net Security, Dr Shreekant Thakkar, Chief Researcher, Secure Systems Research Centre at TII, talks about the ever evolving threat landscape and how automation could improve the way organizations detect and respond to attacks. The modern cybersecurity threat landscape is evolving faster than ever, particularly threatening critical infrastructures.

Compliance teams that don't embed their controls into employee processes face a significantly higher rate of compliance failures, according to a survey by Gartner. The survey of 755 employees in April 2021 found these failures linked to unnecessary compliance burdens for employees.

According to a Security Compass research, in mid-sized to large enterprises, 50% of the software applications being developed are cloud based, and another 30% are expected to migrate to the cloud within the next two years. According to the report, organizations are struggling to develop cloud applications that meet security requirements and that integrate with existing on-premise technologies.

Los Angeles police are instructed to collect social media details from people they stop and talk to, even if those civilians aren't suspected of breaking the law, according to documents finally revealed after a lengthy legal battle. The Brennan Center for Justice, a non-profit law and public policy institute at New York University, early last year submitted a request [PDF] under the California Public Records Act for information on LAPD's use of social media to monitor people and groups.

The vulnerabilities affect both Windows and Unix-based users, and if left unpatched, can be exploited by attackers to achieve arbitrary code execution on a system installing untrusted npm packages. On further review of the researchers' reports, GitHub security team found some more high-severity vulnerabilities in the aforementioned packages, affecting both Windows and Unix-based systems.

Data professionals are under more pressure than ever, maintaining the performance of fast-growing server estates, managing cloud migrations, meeting increased security and compliance concerns, and coping with staffing and recruitment issues, a survey from Redgate reveals. 65% of DBAs in the survey reported that, as data estates grew over the last 12 months, they personally became responsible for more database instances.

The COVID-19 pandemic continues to shape our working practices and attitude towards work, with both workers and leaders calling for continued and permanent changes in how and where we work and how performance is measured. Hybrid working is here to stay, but flexibility is key.

The operators behind the REvil ransomware-as-a-service staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. It's not immediately clear if REvil is back in the game or if they have launched new attacks.

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "To access other customers' information." Azure Container Instances is a serverless container environment.