Security News > 2021

Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store. ClearURLs is a web browser add-on available for both Google Chrome and Mozilla Firefox tasked with removing tracking bits from the URLs.

It's not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victim's key, namely bittings(or cut depths) which form the secret of a key.

Cybercriminals ruthlessly exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks. In a post published today, Palo Alto's Unit 42 threat intel division said COVID-themed phishing lure URLs "Largely centered around Personal Protective Equipment and testing kits in March 2020, government stimulus programs from April through the summer 2020 and vaccines from late fall 2020 onward."

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 68 has been released today. It’s a free download, no registration...

When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme. Chrome 90 will make HTTPS the default for first time website visits where no transport has been declared.

KPMG's latest survey of global CEOs shows widespread belief that the remote-working trend will linger into 2022 as the world gets to grip with COVID-19. Almost half of bosses surveyed by the accountancy biz said they don't expect a return to "Normal" by next year.

A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. More than 1,200 user accounts were removed in this act of sabotage, causing a complete shutdown of the company's operations for two days.

Now, with the UK government's roadmap out of lockdown underway, it is predicted that employers will strive to keep the element of flexibility by moving to hybrid working models. It is then unsurprising that remote working appears to have increased in popularity over the last year, with a survey in 2020 revealing almost 90% of respondents wanted to continue working from home in some capacity moving forwards.

Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third party's approach to cyber resilience. Recently, the Cybersecurity and Infrastructure Security Agency included security ratings or scorings as part of its cyber risk reduction initiative.

While total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost. Traditional identity fraud losses totaled $13 billion, Javelin Strategy & Research reveals.