Security News > 2022 > July

Are your site’s tracking technologies breaking the law?
2022-07-12 04:30

Those forces are tracking technologies and data privacy regulations. Three pharmacies in Sweden recently reported themselves to the Privacy Protection Authority for deploying the ubiquitous Facebook "tracking pixel" on their site and sharing consumers' personal data the pixel collected with the world's largest social network.

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
2022-07-12 04:28

Content security policies are a great way to do that. Automated content security policies can help streamline the code review process by first identifying all first- and third-party scripts and the assets they access, and then generating an appropriate content security policy to help better secure the client-side attack surface.

How to develop successful incident response plans
2022-07-12 04:00

In this Help Net Security video, Neal Bridges, CISO at Query.ai, talks about the rules organizations need to think about if they want to develop successful incident response (IR) plans.

A look at the bring your own browser (BYOB) approach
2022-07-12 03:30

Recently, Microsoft retired IE 11 in favor of Microsoft Edge, which claims to be more secure than Google Chrome, with built-in defenses against phishing and malware. Does this mean security teams have one less application to worry about securing? The reality is no one browser owns the market.

Product showcase: ImmuniWeb Neuron, DAST with a zero false positives SLA
2022-07-12 03:00

ImmuniWeb, a global application security company with over 1,000 customers from more than 50 countries, unveils ImmuniWeb Neuron that is specifically designed to address both problems in a simple, efficient and effective manner. With ImmuniWeb Neuron, you don't need to worry about false positives anymore: for each false positive you spot in your scan report, you get your money back for the entire week of your subscription regardless of how large your scope is.

San Francisco cops want real-time access to private security cameras for surveillance
2022-07-11 23:24

San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras - think: those in residential doorbells, medical clinics, and retail shops - in real time for surveillance purposes. The new proposal - championed by Mayor London Breed after November's wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area - would authorize the police department to use non-city-owned security cameras and camera networks to live monitor "significant events with public safety concerns" and ongoing felony or misdemeanor violations.

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems
2022-07-11 22:33

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses.

Hackers can unlock Honda cars remotely in Rolling-PWN attacks
2022-07-11 22:10

A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle.

Massive Rogers outage caused by a maintenance update
2022-07-11 20:44

Over the weekend, Rogers Communications CEO Tony Staffieri revealed the telecom company believes a maintenance update was what caused last week's massive outage. "We now believe we've narrowed the cause to a network system failure following a maintenance update in our core network, which caused some of our routers to malfunction early Friday morning," Staffieri said in a statement published Saturday.

Rethinking Vulnerability Management in a Heightened Threat Landscape
2022-07-11 20:26

Although guidance from the White House and CISA advising on this heightened risk for U.S. businesses and the increase in the proposed budget for cybersecurity within the federal government signals that more resources are needed to properly defend against these risks, this does not necessarily translate to more IT budget or security staff within most organizations in the private sector. Prioritizing the modernization of aging technology stacks will be essential to mitigate rising cybersecurity vulnerabilities and ensure the security of the organization's critical systems and applications from malicious cyber campaigns.