Security News

Internet Society condemns UK's Online Safety Bill for demonising encryption using 'think of the children' tactic
2022-01-28 12:56

Britain's controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn't used to target child abusers online, despite this being a key cited rationale of linked measures. Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in "Fraud and online harm" increasing, the Internet Society said this week.

China orders web operators to spring clean its entire internet
2022-01-27 03:01

The Cyberspace Administration of China has shared its spring-cleaning plans with the world - and suggested it's time to make the Middle Kingdom's web sites sparkle with wholesome content. At the top of the list is violent content, which China has never wanted online.

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet
2022-01-25 21:00

A massive Minecraft tournament styled after the Netflix blockbuster Squid Game apparently inspired a distributed denial of service attack that took down the sole internet service provider in Andorra. Confirmed: Internet disruption registered on #Andorra Telecom on Saturday evening; the incident is attributed by the state telco to a DDoS attack targeting the high-stakes #SquidCraftGames Minecraft Twitch competition, resulting in the elimination of Team Andorra.

The Internet’s Most Tempting Targets
2022-01-21 21:03

For every 1,000 assets on an attack surface, there is often only one that's truly interesting to an attacker. Attackers likely put it top of their list because 1) there is a known exploit; 2) SolarWinds is typically a mission-critical technology for a business that could give an attacker privileged access; and 3) it's widely used.

Avira also mines imaginary internet money on customers' PCs
2022-01-10 18:36

Germany-based security biz Avira's antivirus has enabled a new feature: "Avira Crypto". As NortonLifeLock also bought Avast last year, it will be interesting to see if its owner's new-found fondness for imaginary internet money will soften Avast's strong anti-cryptocurrency-mining stance.

QNAP: Get NAS Devices Off the Internet Now
2022-01-07 16:14

Get your internet-exposed, network-attached storage devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. "The most vulnerable victims will be those devices exposed to the Internet without any protection," QNAP said on Friday, urging all QNAP NAS users to follow security-setting instructions that the Taiwanese NAS maker included in its alert.

QNAP warns of ransomware targeting Internet-exposed NAS devices
2022-01-07 13:20

QNAP has warned customers today to secure Internet-exposed network-attached storage devices immediately from ongoing ransomware and brute-force attacks. "QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices," the Taiwanese NAS maker said in a press release issued today.

EV certificate usage declining: Is the internet becoming more secure?
2021-12-13 06:00

Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world's top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Despite the adoption of stronger encryption protocols, many companies continue to use legacy RSA encryption algorithms to generate keys, which, in conjunction with TLS certificates, act as machine identities that authorize secure connections between physical, virtual and IoT devices, APIs, applications and clusters.

Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
2021-12-10 21:29

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Log4j is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
2021-12-06 14:36

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times. Companies affected range from major global players to smaller organizations in healthcare, insurance, media, and IoT - basically anyone using Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.