Security News > 2021
While new guidance from NIST recommends against the long-held notion of forced password changes, it is still a common and required security mechanism across other compliance standards and industry certifications such as PCI and HITRUST. When the password age is reached for the user account, the user must change their account password. Forrester Research adds to this finding with research showing that the average help desk labor cost for a single password reset can be upwards of $70.
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform.
An effective phishing attack may allow an attacker to establish a beachhead without any credential theft. Network micro-segmentation plays a central role in the realization of zero trust strategies by severely limiting the lateral movement of an attacker and obstructing their ability to navigate the network.
CISOs face a rising 'security debt' to secure their organizations against an increasing volume of attacks by well-armed criminals. Despite going up against a criminal industry that enjoys advantages when it comes to speed and shared weaponry, CISOs and their teams report turning away an increasing volume of attacks and preventing more of them from becoming breaches or compromises, according to a report from F-Secure.
His focus on information security began when he served in the U.S. Army, where he spent years identifying vulnerabilities and working on mitigation strategies to protect the network. From there, he served with NATO, where he played a very active role in cultivating a proactive security culture.
Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. In September 2019, an information stealer dubbed Masad Stealer was found to plunder information and cryptocurrency wallet data from infected computers using Telegram as an exfiltration channel.
Asian businesses are set for a security spending spree, according to analyst firm IDC. The firm's new Worldwide Semiannual Security Spending Guide for 2021 has tipped the APAC region to spend US$23.1bn on security products and services in 2021, an increase of 12.6 per cent.
43.13% of workers will stay remote after the pandemic ends and two out of three IT professionals are concerned with teleworking endpoint misuse, a new Prey study reveals. The report examines the remote work challenges generated by the pandemic year and the number of people working from home far from corporate environments, on insecure networks that are in many cases shared with other unsafe devices in their homes.
IT security teams faced unprecedented challenges last year fueled by dramatically expanded work-from-home programs, increased BYOD policy adoptions, and rising internal and third-party risks stemming from the COVID-19 pandemic, CyberEdge Group reveals. It's no surprise that many IT security teams are shifting their security infrastructure investments from traditional, on-premises offerings to modern, cloud-based solutions.
ResearchAndMarkets released a report that addresses several current technologies that, according to the ITU classifications, are transitioning to the 5G communications era. The 5G wireless communication system will be a converged system with multiple radio access technologies integrated together.