Security News > 2021

Our story takes us to the fine British market town of Maidenhead, where our hero, who for reasons that will become clear we will call "Humphrey", was toiling away for a well-known telecommunications company. Young, keen, and bereft of cash, Humphrey volunteered for every bit of On Call duty he could, occasionally managing to double his salary in a month.

Encrypted phone network Sky Global has seemingly shut down after European police swooped on users and distributors, and its chief exec was indicted by American prosecutors. News of the company shutdown was broken by Vice News after raids in Belgium and the Netherlands on Sky ECC users and resellers.

The US Department of Justice has revealed that two sets of crooks have confessed to conspiracies against companies led by Elon Musk. Twenty-seven year-old Egor Igorevich Kriuchkov travelled to the US in August 2020 to recruit an employee of an unnamed large Nevada-based company to inject data exfiltrating malware into the system in exchange for Bitcoin or cash worth US$1M dollars.

Passwordless authentication swaps traditional passwords for a system that identifies users by more secure methods such as "Possession factor" or "Inherent factor." By switching to a passwordless approach, companies provide their employees with the same effortless and secure authentication methods that users experience on their smartphones. Passwordless authentication is a relatively new method so it can be challenging to choose the type of implementation relevant to your needs.

It lies with edge computing - a key technology to future-proofing the new workplace environment. As our new workplaces constitute more and more remote points of presence - mobile, tablet, smart speakers - which sees a vast amount of data being generated on the outer edge of computing networks, the task of implementing an edge strategy may fall into the too-hard basket for many, and simply out of reach for some.

The fact that 3 in 4 companies have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on prem to the cloud. Just one in three security professionals believe they could identify and stop an account takeover attack immediately, the majority expect to take days or even weeks to intercept such a breach.

Readers may remember Kottman pointed out holes in a security skills assessment website run by Deloitte, dropped 20GB of Intel secrets onto the web and shamed the security of DevOps tool SonarQube by releasing third-party code created with the project. Illegally accessing computers belonging to a security device manufacturer located in the Western District of Washington and stealing proprietary data.

A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans which allows attackers to take control of victims' machines through a new phishing email scheme, Cybereason discovered. The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word Document containing a malicious macro that downloads an OpenVPN client on the targeted machine.

Continued adoption of cloud computing could prevent the emission of more than 1 billion metric tons of carbon dioxide from 2021 through 2024, a forecast from IDC shows. The forecast uses data on server distribution and cloud and on-premises software use along with third-party information on datacenter power usage, CO2 emissions per kilowatt-hour, and emission comparisons of cloud and non-cloud datacenters.

A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. It's worth pointing out that the screen sharing functionality in Zoom lets users share an entire desktop or phone screen, or limit sharing to one or more specific applications, or a portion of a screen.