Security News

Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit. The Biden administration has added natural gas pipelines to the Industrial Control Systems Cybersecurity Initiative, aiming to strengthen critical infrastructure cybersecurity.

The gist of the matter is that the default rules of the Windows Filtering Platform - a set of API and system services that provide a platform for creating network filtering apps - permit executable files to connect to TCP sockets in AppContainers, which can enable malicious actors to pull off EoP. Essentially, some rules defined in WFP can be matched by a malicious actor to connect to an AppContainer and inject malicious code. As Forshaw explained in his report, connecting to an external network resource from an AppContainer is enforced through default rules in the WFP: "For example, connecting to the internet via IPv4 will process rules in the FWPM LAYER ALE AUTH CONNECT V4 layer," he wrote.

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.

Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities. Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.

UNISOC announced that it has joined Google's new Android Ready SE Alliance, a collaboration between Google and Secure Element vendors, to offer a growing list of open-source, validated, and ready-to-use SE Applets for new and emerging use cases such as digital keys, identity credentials, E-money solutions. The alliance was created to make discrete tamper resistant hardware backed security the lowest common denominator for the Android ecosystem, which makes emerging applications on smart terminals more secure and convenient.

Google Cloud and Workday announced a strategic partnership that will enable businesses across the world to further their digital transformations. As a Workday preferred cloud partner across core industries-such as healthcare, financial services, and retail-Google Cloud will help businesses run Workday enterprise applications for finance, HR, and planning in a public cloud environment, with ease-of-management, and low network latency.

Google on Monday announced that it's discontinuing the Bluetooth version of the Titan Security Key and it will only offer devices that have near-field communication functionality. The company will only offer two types of Titan security keys: a USB-A version and a USB-C version, both with NFC capabilities.

A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The society is a property development firm that wants to build flats over a children's caged ball court in the south London borough, something Hutchinson "Vocally opposes," according to the local paper.

Google is discontinuing the Bluetooth Titan Security Key to focus on security keys with Near Field Communication functionality. As part of this move, Google has also announced a new Titan Security Key with USB-C and NFC to go along with the previously available USB-A + NFC security key.

Jack Wallen shows you how to password protect your search history within your cloud account.