Security News > 2022 > June

Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. "Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site."

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request-per-second distributed denial-of-service attack, the largest HTTPS DDoS attack detected to date. The threat actor behind it likely used hijacked servers and virtual machines, seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things devices from compromised Residential Internet Service Providers.

Two security vendors - Orca Security and Tenable - have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure. In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January.

A report released Tuesday by Ping Identity and Yubico looks at the repercussions of weak passwords. Among the respondents, 94% said they have serious concerns about user-generated passwords, with half of them believing that passwords are too weak for security purposes.

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys, with no authentication required and zero indication given by the in-car display. "The authorization given in the 130-second interval is too general [it's] not only for drive," Herfurt said in an online interview.

RSA Conference concluded its 31st annual event at the Moscone Center in San Francisco on Friday, June 10. Several of the most pressing topics discussed during this year’s Conference included...

Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month. Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that contained "protected health information," the company revealed in a letter to affected clients on June 3.

A new Linux malware that's "nearly impossible to detect" can harvest credentials and give attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. The name is an homage to how the malware operates, which differs from other Linux malware that researchers have encountered, Kennedy explained.

June 15, 2022, is the day that Microsoft will stop supporting most versions of Internet Explorer 11, and organizations should have ensured that they are ready for its retirement. Starting tomorrow, the company will no longer support the Internet Explorer 11 desktop application on some versions of Windows 10, namely: Windows 10 client SKUs and Windows 10 IoT. When trying to open IE, users of those OSes will be "redirected" to Microsoft Edge, i.e., the new browser will open after a notification message.

More than two years after England launched a COVID data store, keeping details of National Health Service patients, the country's National Data Guardian remains unsatisfied with who is accessing the data. The COVID-19 data store was launched in March 2020, and would pull together medical and operational data about the spread of the virus across the country.