Security News > 2021
Microsoft has pulled one more buggy Windows 10 servicing stack update, KB4601390, because it blocked customers from installing this month's security and Cumulative Updates. Windows 10 SSUs provide fixes for the servicing stack, the component used by Windows 10 to download and install updates correctly.
Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.
Hackers attacked military-run government websites in Myanmar Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night. A group called Myanmar Hackers disrupted multiple government websites including the Central Bank, Myanmar Military's propaganda page, state-run broadcaster MRTV, the Port Authority, and the Food and Drug Administration.
Virginia is about to get a data privacy law, modeled on California’s law.
Anyone could have logged into Nurserycam's DVRs thanks to poor design choices - and a decision to "authenticate" logins by passing the device's admin username and password to parents, claimed a reverse engineer who looked into the matter. Internet of Things security prober Andrew "Cybergibbons" Tierney published a warning to Nurserycam's users after realising how insecure the product was.
A researcher has spotted the first piece of Mac malware that appears to have been created specifically for devices with Apple's recently introduced M1 chip. Wardle has developed several free and open source security tools for Macs, and came up with the idea to look for malware designed to run natively on M1 systems while rebuilding his tools for native M1 compatibility.
Still, you may have told yourself, 365 means they'll be as productive as ever - if not more so - and, well, Microsoft knows all about enterprise security, so they'll be fine. It's become clear that while cloud providers can be held to account when it comes to service availability, other issues such as security and data integrity are not really their problem, but rather yours.
Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Cisco Talos added: "Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application."
I like tackling misconceptions relating to innovative technical advancements in my own line of work, and here I'll talk about homomorphic encryption. Here are four misconceptions about homomorphic encryption that should be considered by anyone interested in potential use cases.
The increasing importance of emotional intelligence and other skills required to work with different stakeholders is placing new demands on CISOs. "In a way, technical-only CISOs have become a thing of the past and replaced by a role that's explicitly relied on to address risk in a much broader, holistic way for organizations."