Security News > 2021

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
2021-04-16 12:57

Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers, under a new disclosure policy revealed this week that is aimed at speeding up the time it takes for patches to be adopted. Now the research group is changing this tactic slightly, saying it will delay disclosure of the technical details of the vulnerability until 30 days after a patch is issued if that patch is created within the 90-day period, according to a blog post by Project Zero's Tim Willis posted Thursday.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
2021-04-16 12:57

Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. The world would not find out about the SolarWinds debacle until early December 2020, when FireEye first disclosed the extent of its own compromise from the SolarWinds malware and published details about the tools and techniques used by the perpetrators.

More Countries Officially Blame Russia for SolarWinds Attack
2021-04-16 12:22

The United Kingdom, Canada, the European Union and NATO have expressed support for the United States in blaming Russia for the cyberattack on IT management company SolarWinds, which impacted organizations worldwide. The announcements were made the same day that the United States expelled 10 Russian diplomats and sanctioned dozens of companies and people in an attempt to punish Russia, which is believed to have orchestrated both interference with the US presidential elections and the SolarWinds breach last year.

Sanctioned Russian IT Firm Was Partner With Microsoft, IBM
2021-04-16 11:57

The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in "dangerous and disruptive cyber attacks." Only one of them stands out for its international footprint and partnerships with such IT heavyweights as Microsoft and IBM. That company, Positive Technologies, claims more than 2,000 customers in 30 countries, including major European banks Societe Generale and ING, as well as Samsung, SK Telecom of South Korea and BT, the British telecommunications giant.

Watchdog thinks Google tricked Australians into giving up data, sues. Judge semi-agrees
2021-04-16 11:30

An Australian federal court sent a message to Big Tech about its willingness to act on privacy violations when it ruled today that Google had "partially" misled consumers about collecting mobile phone personal location data. For Google to not collect a device's location data, the user needed to let their wishes be known in both the "Location History" and the "Web & App Activity" setting segments.

NSA Discloses Vulnerabilities in Microsoft Exchange
2021-04-16 11:23

Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy
2021-04-16 10:47

Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020.

Google Broke Australian Law Over Location Data Collection: Court
2021-04-16 08:28

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant. The federal court found that in 2017 and 2018 Google misled some users of phones and tablets featuring its Android operating system by collecting their personally identifiable location information even when they had opted out of sharing "Location History" data.

HackBoss malware poses as hacker tools on Telegram to steal digital coins
2021-04-16 07:41

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick.