Security News > 2021

GCHQ director Jeremy Fleming on Friday delivered the 2021 Vincent Briscoe Lecture for the Institute for Security, Science and Technology, and opened with an observation that humans love to connect to each other, that digital connectivity continues to become more pervasive and important, and that Britain is "a big animal in the digital world." China's size and technological weight means that it has the potential to control the global operating system.

Whatever unit of measurement you use, it's clear that more and more enterprise computing is happening in the cloud - which also means the cloud is an ever-growing target for cyber attackers. SANS Institute has expanded its line-up of cloud-focused security courses, adding six freshly minted courses, with a seventh one currently in beta testing phase.

Connected medical devices are proving essential amidst today's new normal, but their mainstream adoption has also brought security loopholes to the fore. From wearable IoT devices like smartwatches that provide a patient's heart rate and blood oxygen level, to personal medical devices like hearing aids that can be calibrated remotely, these devices have proven vital for both patients and healthcare providers.

As India battles a surging second wave of COVID-19 cases and severe shortages of medical supplies, the nation's government has told Facebook, Instagram, and Twitter to remove social media posts it says may panic its populace with misinformation. The takedown requests were lodged on Friday, a day before India recorded more than 300,000 new COVID-19 cases for the first time ever in 24 hours.

Notorious Windows malware Emotet was automatically wiped from computers yesterday by European law enforcement using a customized DLL. This specially crafted time bomb caused the software to self-destruct on Sunday, April 25. Ch's Emotet portal showed none of the Emotet C2 servers it tracks were online.

As a protective model, zero trust does not put a wall around networks and applications, but around employees and their devices, so it can protect remote environments at scale. Committing to zero trust means assessing where the major security risks are in the existing enterprise environment and understanding the flow of data.

SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. "The idea to develop SniperPhish came to me in a period during which the company I previously worked with did many social engineering assessments. Most of the assessment included phishing campaigns, which means creating and hosting phishing websites and crafting email campaigns. The available tools had certain limitations and were not very effective at simultaneously tracking data from the phishing emails and websites," security consultant Gem George, the tool's creator, told Help Net Security.

The Homebrew package manager for macOS and Linux has fixed an issue that could have been exploited by miscreants to run malicious code on people's computers. Specifically, the project's GitHub Actions setup could have been abused to sneak arbitrary Ruby code into its Cask repositories, security researcher RyotaK discovered and disclosed via HackerOne.

Adversa has published comprehensive research on the security and trustworthiness of AI systems worldwide during the last decade. The research considers the impact of ongoing regulations concerning AI security in the EU and USA. "Building trust in the security and safety of machine learning is crucial. We are asking people to put their faith in what is essentially a black box, and for the AI revolution to succeed, we must build trust. And we can't bolt security on this time. We won't have many chances at getting it right. The risks are too high - but so are the benefits," said Oliver Rochford, Adversa Advisor.

"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users - even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany. AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication.