Security News > 2021

Fleeceware apps extract hundreds of dollars per year from their users through subscription services
2021-03-25 13:41

The applications attract users with a promise of a free 3-day trial, with an unusually high subscription fee attached. Once the trial is over, users are charged a recurring subscription fee - even if they deleted the app by that time - until they cancel the subscription in their device's app subscriptions settings.

Backblaze mistakenly shared backup metadata with Facebook
2021-03-25 13:36

Backblaze has removed Facebook tracking code accidentally added to web UI pages only accessible to logged-in customers. Backblaze discovered the issue after receiving user reports on March 21 that pages on the B2 web UI were sending file names and sizes to Facebook.

Microsoft Offers Up to $30,000 for Vulnerabilities in Teams Desktop Client
2021-03-25 12:31

Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform. The tech giant is offering rewards for vulnerabilities in the Teams desktop client as part of its Application Bounty Program, which will feature additional app-related bounties in the future.

Microsoft offers rewards for security bugs in Microsoft Teams
2021-03-25 10:59

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.

BP Chargemaster's Pulse rebrand let crims send IcedID banking trojan from formerly legit mailboxes
2021-03-25 10:15

BP Chargemaster, purveyors of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers. Register reader Matt received some emails from BP Chargemaster which he was certain didn't come from the company.

Engineer reports data leak to nonprofit, hears from the police
2021-03-25 08:35

A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization. On discovering a GitHub repository which, the engineer says, had been public since at least 2019, the engineer privately reported it to Apperta and was thanked by them.

Engineer reports data leak to Apperta, hears from the police
2021-03-25 08:35

A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization. On discovering a GitHub repository which, the engineer says, had been public since at least 2019, the engineer privately reported it to Apperta and was thanked by them.

Challenges and benefits of using threat data feeds
2021-03-25 06:30

Threat data feeds can help organizations strengthen their cybersecurity posture, according to a report from the Ponemon Institute. As cyberthreats proliferate, many organizations are using threat feeds with insights from domain name system data to help IT security teams better understand threats and block malicious activity.

Using memory encryption in web applications to help reduce the risk of Spectre attacks
2021-03-25 06:00

As Google security engineers pointed out, these mechanisms do not prevent the Spectre exploit, but rather "protect sensitive data from being present in parts of the memory from which they can be read by the attacker." To further reduce the risk of data leakage, website owners should add an extra line of defense to protect the actual data in memory in the event that all other security controls.

Distributed and remote work creating a perfect storm for network security teams
2021-03-25 05:30

"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fueled explosion in distributed and remote work has created a perfect storm for network security teams," said Satin H. Mirchandani, President and CEO of FireMon. Five major areas for network security investment Automation - More than 50 percent of organizations are currently investing in automating policy management to safeguard against inefficient and risky functions and 79 percent say they'll implement security orchestration and automation within two years to improve agility and responsiveness.