Security News > 2021

Microsoft Edge is getting a new child-friendly Kids Mode
2021-02-16 20:54

Microsoft is adding a new 'Kids Mode' to the Microsoft Edge browser. The mode can be enabled as needed to create a safe, child-friendly environment in which children can browse the web and consume family-friendly content.

Romance scams at all-time high: here’s what you need to know
2021-02-16 20:53

The US Federal Trade Commission, America's official consumer protection watchdog, recently warned that romance scammers are making more money than ever before. The FTC says that the median average financial loss in a romance scam was $2500, more than ten times as much as the average for other online scams.

SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fix
2021-02-16 20:25

Trend Micro has published a report claiming that data-sharing Android app SHAREit, which has over a billion downloads, contains multiple vulnerabilities after the app's maker ignored advice to fix the flaws. According to Duan and Chang, the SHAREit app implements a broadcast receiver component called "com.lenovo.anyshare.app.DefaultReceiver" that can be invoked via Android's Intent inter-app communication mechanism from any other app.

Kia Motors America experiences massive IT outage across the US
2021-02-16 19:24

Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. The outage started Saturday when the Kia Owners Portal went offline and began displaying an error message stating that Kia was "experiencing an IT service outage that has impacted some internal networks."

How one man silently infiltrated dozens of high-tech networks
2021-02-16 19:15

Any misstep in the curation of any of the packages you rely upon, by any one of the hundreds or even thousands of coders in the community whose programming, testing and software publishing skills you have implicitly chosen to trust, could lead to a security disaster. Worse still, updated packages that are fetched and installed by your dependency manager can introduce malware into the heart of your coding ecosystem even if the source code in the package itself remains exactly the same.

WebKit Zero-Day Vulnerability Exploited in Malvertising Operation
2021-02-16 18:40

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine. Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub.

The fine line between global COVID-19 protocols and privacy
2021-02-16 17:54

A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes. A recent panel conducted by the security firm Concentric Advisors, "Protocols, Testing, and Proof of Vaccine: What is the future of privacy and travel?", took a deep dive into predicting how domestic and international air travel can be safely mandated during the continuing COVID-19 worldwide pandemic.

Windows 10 Secure Boot update triggers BitLocker key recovery
2021-02-16 17:38

Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot. Windows versions affected by this vulnerability include multiple Windows 10 releases, Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

Introducing DAIC: A Suggested System for Preventing BEC Fraud
2021-02-16 17:05

The suggested solution is a standard which enables organizations to quickly and securely validate the bank account information of companies before they send payments, while also enabling anti-fraud vendors to collect much-needed threat intelligence on ongoing scam campaigns. DAIC uses tried-and-tested methods used in other security standards, such as DMARC. Each company adds a record to its DNS records indicating the DAIC server of its choice.

Palo Alto Networks Buys Bridgecrew in ‘Shift Left’ Cloud Security Push
2021-02-16 16:51

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.