Security News > 2021

Microsoft disables Google's FLoC tracking in Microsoft Edge, for now
2021-04-19 17:41

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in its Chromium-based Microsoft Edge browser. This month, Google began testing a new tracking platform called Federated Learning of Cohorts, or FLoC, that places users in anonymous buckets, or cohorts, based on their interests and browsing behavior.

IT teams need to be coaches, not security guards, and shift to "self-service" for Microsoft 365
2021-04-19 17:14

ShareGate's first annual State of Microsoft 365: Migration, Modernization and Security report recommends a new approach to security in this time of remote work. Instead of trying to control all activity, security leaders should give users more freedom to manage Microsoft 365 features combined with clear data governance guidance.

Rogers is down: Canadian users report voice and data outages
2021-04-19 16:19

Rogers is currently affected by a nationwide outage in Canada that prevents customers from accessing wireless voice and data services. The outage started at approximately 1 AM, with users taking to social media to voice their frustration that they can't access voice or data.

Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months
2021-04-19 16:03

Codecov, maker of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago. Codecov is a cloud-based tool which integrates with GitHub, GitLab, Atlassian Bitbucket, or any Git-based repository.

What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
2021-04-19 15:27

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic. While COVID-19 caught many businesses off guard, smart executives are already thinking about the next global crisis and what challenges it might present for IT security.

Sysadmin for FIN7 criminal cracking group gets 10 years in US prison for managing card slurping malware scam
2021-04-19 14:15

The former systems administrator for the FIN7 card-slurping gang has been sentenced to 10 years in a US prison. Fedir Hladyr, 35, pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking last year, and on Friday was sentenced for his role in the theft and resale of more than 20 million customer card records from over 6,500 point-of-sale terminals across the US using the malware dubbed Carbanak.

Naked Security Live – To hack or not to hack?
2021-04-19 13:52

Latest video - watch now! We look at the recent FBI "webshell hacking" controversy from both sides.

Nonprofit provides help to hospitals battling ransomware
2021-04-19 13:48

A Comparitech report found that there were 92 separate ransomware attacks in 2020 that had an effect on more than 600 US clinics, hospitals and organizations. "85% of ransomware attacks could be prevented in your organization if you were using MDBR because 85% of ransomware attacks are done using known ransomware domains," Mattison said.

Concerns grow over digital threats faced from former employees
2021-04-19 13:44

An unfortunate byproduct of employee turnover is the cybersecurity threat that comes with having a significant number of former employees. "A lot of companies fail to have clear policies or a checklist that employers use for post-employee separation. This is extremely important because failing to do so is going to involve a lot of things but the most important thing is that you want to make sure that the former employee or even a subcontractor that previously had access to the organization's technologies and systems is completely locked out," Guccione said in an interview.

Serious Security: Rowhammer is back, but now it’s called SMASH
2021-04-19 12:26

Well, it's back, and this time it's called SMASH. Rowhammering is a reliability problem that besets many computer memory chips, notably including the sort of RAM in your laptop or mobile phone. Bluntly put: using a rowhammer attack, you can make modifications, albeit haphazardly, to memory that has nothing to do with you, just by reading repetitively from memory that's allocated to your program.