Security News > 2021
Elliptic Labs announced that Lars Holmøy is appointed as the new CFO and Investor Relations effective June 1, 2021. Holmøy will succeed Thor A. Talhaug, who has been engaged as CFO for hire since 2019.
The Telecommunications Industry Association published a new white paper on SCS 9001, the first process-based supply chain security standard for the information communications technology industry. With sophisticated supply chain cyberattacks on the rise, SCS 9001 is on an accelerated schedule to address the urgent need for an ICT-specific standard for global supply chain security.
"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session. The service's name suggests otherwise and Google was sued in June 2020 for allegedly collecting data from Incognito Chrome users.
Update: Microsoft now warns of additional issues when printing after installing the March updates. Microsoft has released out-of-band non-security updates to fix a known Windows 10 issue causing blue screens when printing to network printers after installing the March 2021 cumulative updates.
Google has addressed yet another actively exploited zero-day in the Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use-after-free vulnerability in its Blink rendering engine.
New research has yielded yet another means to pilfer sensitive data by exploiting what's the first "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs, the new attack leverages contention on the ring interconnect.
John Noble was Director of Incident Management at the UK's National Cyber Security Centre until his retirement in 2018. During his 40 years of Government service, John specialised in operational delivery and strategic business change.
Nearly three-quarters of IT security professionals surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. Thirty percent of those surveyed said they could patch a vulnerability in a week or less, but on average, it takes about six weeks to patch a bug from the time it's first detected, with 63 percent saying delays are caused by "Human error."
Starting at approximately 3:34 PM EST, users began reporting being unable to log in to their Microsoft 365 accounts, Microsoft Teams, or access other Microsoft apps. "As a result of the issues currently facing Azure AAD, we are currently experiencing problems on the Microsoft Tech Community with login and authentication. This will result in users being unable to login and users already logged in getting unexpected errors as sessions timeout," posted a Microsoft Tech Community manager.
Installing a smart doorbell on your abode could actually increase your home's attractiveness to burglars, researchers from Britain's Cranfield University have said. Instead, he said in a summary of a research paper published on the Centre for Research and Evidence on Security Threats' website, smart doorbells and smart locks could actually make things worse.