The Different Flavors of Cyber Resilience
2021-03-03 12:03

According to MITRE, cyber resilience "is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources." The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to assure sufficient information, data, and network security. The Department of Homeland Security's Cyber Resilience Review offers guidance on how to evaluate an organization's operational resilience and cybersecurity practices.

Encoded Message in the Perseverance Mars Lander’s Parachute
2021-03-03 12:00

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander's parachute. More information.

It's not easy being green: EV HTTPS cert seller Sectigo questions Chrome's logic in burying EV HTTPS cert info
2021-03-03 11:45

Sectigo's chief compliance officer has hit out at Google for minimizing the visibility of Extended Validation HTTPS certificates in Chrome. In a chat with The Register, Sectigo CCO Tim Callan said his biz, which among other things is one of the biggest sellers of EV HTTPS certificates, was "going to remove street and postal information from all of our public sites," seeing as Google thinks no one cares where a business is based.

Hacking is not a crime – and the media should stop using 'hacker' as a pejorative
2021-03-03 11:00

This week's motion is: Hacking is not a crime, and the media should stop using 'hacker' as a pejorative. Now, arguing FOR the motion is ALYSSA MILLER.... Using the term "Hacker" to describe cyber criminals is an unfortunate habit that plagues modern media.

Microsoft Expands Secured-core to Servers, IoT Devices
2021-03-03 09:49

Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices. Initially announced in 2019, Secured-core is the result of a partnership between Microsoft and hardware manufacturers, and its goal is to add a security layer that combines identity, virtualization, operating system, hardware and firmware protection capabilities.

Cash App phishing kit deployed in the wild, courtesy of 16Shop
2021-03-03 08:29

The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service. 16Shop is a complex phishing kit from a developer known as DevilScream, who set up a protection mechanism against unlicensed use and research activity.

TPG buys Thycotic, immediately merges it with Centrify to create ~$230m access management monster
2021-03-03 07:58

Private equity group TPG has acquired security vendor Thycotic and announced it will merge it with another recent acquisition, Centrify. TPG in January announced its intention to acquire a majority stake in privileged access management vendor Centrify from fellow private equiteer Thoma Bravo.

Microsoft promises end-to-end encrypted Teams calls for some, invites you to go passwordless with Azure AD
2021-03-03 07:24

Microsoft has said it will add end-to-end encryption for some one-to-one Teams calls later this year - and urged folks to move away from using passwords with Azure AD. The Teams improvements, announced at the tech giant's Ignite conference this week, will be available "to commercial customers in preview in the first half of this year." Video conferencing rival Zoom offers end-to-end encryption with a few caveats and additional steps, and that appears to be more or less the approach Microsoft will take, too.

Proliferation of sneakerbots across industries: The long tail of DIY bot operators
2021-03-03 06:00

Swing states were heavily targeted with false information posted by fake social media accounts created by bot operators. There is currently little being done to strike back against or even frustrate bot operators.

Eugene Kaspersky says cyber-crooks coined it during COVID and will take a break to spend their loot
2021-03-03 05:58

Kaspersky CEO Eugene Kaspersky has suggested that the end of the COVID-19 pandemic will bring a slowdown in cyber-crime. This theory was swiftly shot down by Australian infosec boffin, Dr. Greg Austin, a professor of Cyber Security, Strategy and Diplomacy at the University of New South Wales.