7 steps to switch your organization to a zero trust architecture
2022-07-11 03:30

In recent years, zero trust security has gained incredible attention from the government, cybersecurity leaders and regulators. Many organisations are still fuzzy on what zero trust means, and how to move forward on adopting the framework.

Nearly all governmental websites serve cookies or third-party trackers
2022-07-11 03:00

In some countries up to 90% of governmental websites add third-party tracker cookies without users' consent. "There are first-party cookies, which are those created by the visited website itself, while third-party cookies are those commonly created by external agents through content embedded in the website. In addition, there is the cookie ghostwriting, in which an external entity creates the cookie on behalf of another party and therefore its origin is unknown", highlights Srdjan Matic, Research Assistant Professor at IMDEA Software.

PCI DSS 4.0 changes help organizations protect payment card data
2022-07-11 02:55

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. This Help Net Security video introduces the most important PCI DSS 4.0 changes.

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
2022-07-10 22:23

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication condition for projects deemed "Critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index said in a tweet last week.

How data on a billion people may have leaked from a Chinese police dashboard
2022-07-10 16:48

Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to an unprotected online dashboard that left the data open to anyone who could find it. The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.

New Google Chrome feature reduces CPU use to extend battery life
2022-07-10 15:05

Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. In Chrome 87, Google introduced a new feature called 'Intensive Wake Up Throttling' that prevents JavaScript from waking up a tab more than once a minute after it has been suspended and hidden from view for more than 5 minutes.

Maastricht University wound up earning money from its ransom payment
2022-07-10 14:03

Maastricht University, a Dutch university with more than 22,000 students, said last week that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019. One week later, on December 30, the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options.

Week in review: Quantum-resistant encryption, attackers using deepfakes, Patch Tuesday forecast
2022-07-10 08:30

Threat actors exchange beacons for badgers to evade endpoint security
Unidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found.

Attackers are using deepfakes to snag remote IT jobs
Malicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI warned last week.

PyPI mandates 2FA for critical projects, developer pushes back
2022-07-09 16:31

Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the "Critical" status assigned to his project. We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them.

Mangatoon data breach exposes data from 23 million accounts
2022-07-09 15:12

Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. This week, the data breach notification service Have I Been Pwned added 23 million Mangatoon accounts to their platform.