Security News
Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world's top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Despite the adoption of stronger encryption protocols, many companies continue to use legacy RSA encryption algorithms to generate keys, which, in conjunction with TLS certificates, act as machine identities that authorize secure connections between physical, virtual and IoT devices, APIs, applications and clusters.
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Log4j is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.
Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times. Companies affected range from major global players to smaller organizations in healthcare, insurance, media, and IoT - basically anyone using Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
Russia's internet watchdog, 'Roskomnadzor', has announced a ban on six more VPN products, bringing the total number to more than a dozen, according to a notification sent to companies in the country. The latest services added to the list of banned VPN services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, and PrivateTunnel.
A new regulation, coming in the form of an amendment to the Telecommunications Act of Germany, could radically change the relationship between consumers and internet service providers. According to the draft, users will be able to test their internet speeds and, if there is too large a deviation between their real-world results and what their ISPs promised, they will be eligible for a bill discount.
The discount amount will be comparable to the deviation between the contractually agreed Internet speeds and the actual ones.
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The Magniber gang is known for its use of vulnerabilities to breach systems and deploy their ransomware.
The United States has signed up for The Paris Call for Trust and Security in Cyberspace - an international effort to ensure the internet remains free and open, and an agreement to put critical infrastructure off limits to electronic attack by sovereign states and other actors. The Paris Call was issued by French president Emmanuel Macron in 2018, as part of that year's Internet Governance Forum held at UNESCO and alongside the Paris Peace Forum.
A Minister in the Singapore government has suggested the creation of an internet kill switch that would prevent minors from reading questionable material online - perhaps using ratings of content created in real time by crowdsourced contributors. "The post-COVID world will bring new challenges globally, including to us in the security arena," said Minister for Defence Dr Ng Eng Hen at a Tuesday ceremony to award the city-state's 2021 Defense Technology Prize.
The Internet Archive has launched a campaign against tech regulation by setting up a Wayforward Machine, semi-parodying its famous Wayback Machine archiving site. The Wayforward Machine paints a picture of the internet in 2046 - smeared with censorship, regulation, governmental interference, and more.