Security News > 2021

An iPhone and Android app called NHS COVID-19 is the official iPhone and Android coronavirus contact tracing software for the vast majority of the population of Great Britain. Apparently, the government was keen to have an updated version of the NHS COVID-19 app ready in time, with added location tracking features that would allow users to share their location logs with the health service.

Clubhouse did not respond to emailed requests for comment on these possible security risks. Jerry Ray, COO of enterprise data security and encryption company SecureAge, said that he sees two types of security risks for people using Clubhouse: The threat of exposure of recorded voice content and the threat of exposure of customer or account ID and associated personally identifiable information.

Gartner predicted in 2018 that at least "80 percent of worker tasks" would shift to mobile devices by 2020. The mobile device that an employee uses to access their corporate data in platforms such as Google Workspace or Office 365 might be used later to browse social media or download a new app for personal use.

The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. SEE: How to manage passwords: Best practices and security tips.

Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using "Contact us" forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said.

DoControl emerged from stealth mode on Monday with an automated data access controls platform for SaaS applications, and more than $13 million in funding. It raised $3.35 million in seed funding and it recently raised another $10 million in a Series A funding round led by RTP Global, with participation from StageOne Ventures, Cardumen Capital and CrowdStrike's early stage investment fund, Falcon Fund.

The threat actors behind the IcedID Trojan are experimenting with various delivery methods to increase efficiency, including sending malicious messages from web-based contact forms. Some of the attacks switched to the abuse of contact forms for the delivery of malicious messages.

Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "To harm or abduct them". The Israeli claim came hours after Iran accused its arch-enemy of orchestrating an attack on a key nuclear site and vowed "Revenge".

A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets. Bakker Logistiek is one of the largest logistics services providers in the Netherlands, offering air-conditioned warehousing and food transportation for Dutch supermarkets.

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. "The only way to do that is to adopt the attacker's perspective. With this perspective, teams can more effectively manage the vulnerabilities on the attack surface by deprioritizing 'high-severity' vulnerabilities that are of little adversarial value and prioritizing those that are likely to be weaponized. Hackers are looking for the path of least resistance, making them fairly predictable when you have a good amount of information about your attack surface from their perspective."