Security News

Typically, a web browser permits scripts on one web page to access data on a second web page only if both pages have the same origin/back-end server. Without this security policy in place, a snooper who manages to inject a malicious script into one website would be able to have free access to any data contained in other tabs the victim may have open in the browser, including access to online banking sessions, emails, healthcare portal data and other sensitive information.

Between the need for secure access to digital services and the demand for increased security, the case for a trusted and verifiable ID system has never been stronger. One question remains: Who gets to implement this system? If the answer is a company or a government, then concerns around personal privacy and civil liberties become quite relevant.

Facebook has sued a Ukrainian national for allegedly harvesting and selling personal data describing 178 million of the Social NetworkTM's users - actions it says violates the service's terms of service. The suit alleges that Alexander Alexandrovich Solonchenko created millions of virtual Android devices, each with a different phone number, and used them to deliver automated requests to Facebook systems using the Messenger app.

Time has not been kind to IDS and has created wide security gaps. To combat the outdated nature of IDS, organizations should adopt next-generation IDS to fulfill the defense-in-depth promise unmet by legacy IDS. NG-IDS is effective against more types of attacks and fills glaring decryption and cloud compliance gaps while improving security.

Apple has unveiled the first eight states that will roll out digital IDs and drivers licenses on its mobile devices, despite critics' concerns that the introduction of purely digital forms of identification will raise privacy, security and equanimity issues. To assuage security fears that come with storing people's identity on its devices, Apple is asserting that state DLs and IDs stored in Wallet on iPhone and Apple Watch will "Take full advantage of the privacy and security" built into the devices, the company said.

Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers and Cloud Intrusion Detection System for network-based threat detection. Autonomic Security Operations, the Internet giant says, represents a "Stack of products, integrations, blueprints, technical content, and an accelerator program" meant to help customers leverage Chronicle and Google technology and expertise to advance their SOC. A collection of philosophies, practices, and tools, Autonomic Security Operations should help organizations improve their resilience against cyberattacks, with an automated approach to threat management.

Hong Kong's Office of the Government Chief Information Officer has revealed that the territory is investigating the use of its digital ID in mainland China. In a Q&A, Secretary for Innovation and Technology, Mr Alfred Sit, said "The OGCIO is exploring with relevant authorities in the Mainland and Macao the collaboration opportunities between their identity authentication systems and iAM Smart."

As part of this partnership, Liquid Web customers can employ the Threat Stack Oversight Intrusion Detection System as an additional layer of security to Liquid Web servers with an advanced Intrusion Detection System. Together, Threat Stack Oversight and Liquid Web will provide customers with real-time monitoring for user, process, network, and file behaviors in critical systems across Linux and Windows servers.

This cloud-based software offers a simple, secure, adaptable and efficient way to issue physical and digital IDs using a single, easy-to-use platform. As organizations become more decentralized, opening the door to new requirements to securely manage and remotely issue credentials, there is an increase in pressure to maintain a safe and secure flow of data - including the data stored on physical and digital credentials.

Finland's domestic security agency said Thursday that the cybergroup APT31, which is generally linked to the Chinese government, was likely behind a cyberspying attack on the information systems of the Nordic country's parliament. The Finnish Security and Intelligence Service, known by the abbreviation Supo, said it had "Identified a cyber espionage operation targeted in 2020 against parliament with the aim of intruding into parliament's IT systems."