Security News > 2021

This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber...

Discussions surrounding how to ensure data privacy have been replaced with conversations on how citizens' data is being used, collected and processed. Generally, regulations should continue to pressure companies - including government entities - to provide adequate cybersecurity measures and follow the principle of least privilege to protect the data they have been entitled to collect or process, including transparency and giving users access to their data.

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine. One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates.

Whether you're writing corporate policies for business workers or university policies for faculty and staff, crafting an effective IT policy can be a daunting and expensive task. For less than what it would cost to create a single policy, TechRepublic Premium subscribers get access to over 100 ready-made IT policies.

Cybersecurity firm Securonix has announced a new level to its collaboration with AWS that will allow AWS customers to use Securonix security information and event management software without ever leaving their current AWS hosting solutions. Securonix describes the new collaborative product as a "Bring your own cloud" program "Providing customers with deployment options that are aligned with their cloud strategies, data retention requirements and overall business needs."

Last month, Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts for the Chrome browser and ad serving websites. FLoC has been criticized by the Electronic Frontier Foundation and outright rejected by makers of Vivaldi and Brave browsers for its debatable claim of being a privacy-preserving technology.

Federal authorities in the U.S. have swooped in to eliminate malicious backdoor code planted by attackers on vulnerable Microsoft Exchange servers across the country. This latest effort eliminated the remaining web shells of one specific hacking group, which would have given it persistent access to Exchange servers in the U.S. had they remained.

One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

Hackers are using search-engine optimization tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan, used to gain a foothold on a network and later infect systems with ransomware, credential-stealers, banking trojans and other malware. Attackers use Google search redirection and drive-by-download tactics to direct unsuspecting victims to the RAT-tracked by eSentire as SolarMarker.

Cybersecurity firm NETSCOUT has released a new report detailing the state of DDoS attacks during the past year and it leads with an unfortunate new statistic: 2020 was the first year that the number of observed DDoS attacks crossed the 10-million mark. The most DDoS attacks recorded in a single month hit a new high at 929,000, and average DDoS attacks per month topped 2019 averages by between 100,000 and 150,000.