Security News > 2021

A very active phishing campaign is underway pretending to be from the UK's National Health Service, alerting recipients that they are eligible to receive the COVID-19 vaccine. The phishing email, shown below, asks the recipient if they want to accept or decline the invitation to schedule their COVID-19 vaccination.

President Biden is preparing to assemble a crack US government cybersecurity team, and has pledged $10bn in funding to shore up the defenses of Uncle Sam's computer networks. Former NSA and National Security Council official Jen Easterly will reportedly be put forward as National Cyber Director, a role that will oversee the federal government's cybersecurity activities.

President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. While Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, applauds Biden's plan, he stressed that it should merely be considered a "Down payment" toward a much larger sum needed to invest in digital security.

Outgoing Federal Communications Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom. Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managing security threats against U.S. networks from Chinese espionage will be the "Biggest national security issue that regulators will face in the next four years."

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics. The ShinyHunters hacking group has stolen and published the personally identifiable data of MeetMindful users, according to a report from ZDNet.

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro. The phishers were able to compromise 40 legitimate email addresses of CEOs, directors, company founders, and owners, as well as those of other enterprise employees.

Developers have released an unofficial fix for a Windows bug that could lead to the corruption of an NTFS volume by merely viewing a specially crafted file. Earlier this month, BleepingComputer reported that a Windows 10 bug was discovered by security researcher Jonas Lykkegaard that allows non-privileged users to mark an NTFS volume as dirty.

Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners. According to Yves Audebert, co-founder and co-CEO of Santa Clara, Calif.-based Axiad, the company has been bootstrapped and cash flow positive for more than ten years, with the company saying it protects more than 2.5 million enterprise credentials for hundreds of customers.

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes. Gartner has released a series of Predicts 2021 research reports, including one that outlines the serious, wide-reaching ethical and social problems it predicts artificial intelligence to cause in the next several years.

Here's our latest Naked Security Live talk, where we talk about the difference between online "Secrets" that aren't really secret but were hidden away to be found as a bit of fun. Genuine secrets, such as passwords and encryption keys, that get "Hidden" away in apps or websites in the hope that they won't be found and abused.