Security News > 2021

The PCI SSC published the latest version of its device security standard for Hardware Security Modules. The PCI PIN Transaction Security Hardware Security Module Modular Security Requirements Version 4.0 ensures that HSM devices provide the strongest protection for critical data elements used in card verification, PIN processing, chip transaction processing, payment card personalization, secure cryptographic key loading, remote HSM administration and other payment authentication activities.

Research from Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021. According to the research analysts, last year credential stuffing rose 56% during the Christmas and New Year shopping period, with predictions that this same period in 2021 will see up to eight million attacks on consumers every day.

Global wireless 5G connections reached 438 million by the third quarter of 2021 and are on pace to exceed 540 million by the end of the year, according to data from Omdia, said 5G Americas. According to the most recent data from Omdia, the world added 72 million 5G connections between Q2 and Q3 of 2021, increasing 19.6% from 366 million to 438 million, reflecting a downward re-statement of connections from Q2. At this pace of growth, 5G is expected to more than double the number of connections in 2020 and is forecast to reach 540 million globally by the end of the calendar year.

There is a real silent IoT battle going on, and tens of thousands of IoT devices have already been compromised. In order to give you an idea about the level of awareness that is on the rise, the Epidemiology Lab of Orange Cyberdefense provides us with some exciting and frightening figures: In 2019, for example, a vulnerable IoT device could be infected in less than 3 minutes, and in 2021, an IoT device is attacked on an average of 2814 times every single day by more than 100 different botnets trying to hijack it.

38% of respondents said forgetting passwords annoyed them the most, 39% said passwords that had specific requirements and a further 38% said CAPTCHA tests were the most irritating part of logins. A further 27% said security questions were annoying and 20% said the same about MFA. The culprit: account creation fatigue and forgotten passwords.

Pepperdata announced the results of a new survey to gauge the pace at which enterprises are migrating big data applications to Kubernetes containers. Kubernetes is the preferred container orchestration technology for its agility, speed and efficiency for scaling and managing apps and infrastructure.

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. Microsoft said a "limited subset of customers" was impacted, adding "Customers who deployed code to App Service Linux via Local Git after files were already created in the application were the only impacted customers."

Microsoft said it won't fix, or will push patches to a later date for, three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and DoS'ing their Teams app/channels."

A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. IoT devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, motion sensors, speakers, thermostats, and many more.

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service and man-in-the-middle attacks using low-cost equipment. The new fake base station attacks, in a nutshell, render the handover procedures vulnerable. These procedures are based on encrypted measurement reports and signal power thresholds, and the attacks effectively enable the adversary to establish a MitM relay and even eavesdrop, drop, modify, and forward messages transmitted between the device and the network.