Security News

announced the next phase in its Global Diversity, Equity and Inclusion initiative. It will host a broad range of informative documents, webinars and research that can serve as a toolkit for any visitor who wants to audit, build and measure a DEI initiative in their organization, or simply wants to learn more about these issues.

A vulnerability affecting desktop versions of four popular web browsers could be exploited by advertisers, malicious actors, and other third parties to track and profile users online even if they switch browsers, use incognito mode or a VPN, researcher and developer Konstantin Darutkin claims. Darutkin and his colleagues from FingerprintJS are calling the vulnerability and its exploitation "Scheme flooding," as attackers can use browsers' built-in custom URL scheme handlers to check if site visitors have 32 different applications installed on their desktops.

In-depth specialist training is an essential part of this, but it's also important to step back and take a wider view now and again, taking in emerging threats, new techniques, and getting a reality check on how your peers deal with the same problems facing you. First up on this year's schedule is Purple Team Summit and Training 2021, which runs from May 17 to May 28, on US Eastern Time.

Well, SophosLabs researchers have just published a report entitled Fake Android and iOS apps disguise as trading andcryptocurrency apps, and it seems that some investment scammers are taking a similar sort of approach. If you've gone to all the trouble of building an imposter website that looks like a genuine online currency trading business, and a fake app that is believable enough to pass muster as belonging to someone else's brand.

The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware. Tulsa is the second-largest city in Oklahoma, with a population of approximately 400,000 people.

In the latest move to improve the privacy of the Chrome browser, Google is adding support for a new HTML tag that prevents user tracking by isolating embedded content from the page embedding it. To prevent this, Google is adding a new form of embedded iframe called a "Fenced frame" to isolate the embedded content and not allow it to see the user data of the embedding page.

Bank holding company First Horizon Corporation disclosed the some of its customers had their online banking accounts breached by unknown attackers earlier this month. First Horizon Bank, the company's banking subsidiary, operates a network of hundreds of bank locations in 12 states across the Southeast.

The Wyoming Department of Health said on Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets. As far as the breath alcohol tests go, the employee accidentally posted the results of 18,312 people - mostly from Wyoming but also from other states - who breathed into a tube for law enforcement in Wyoming as far back as April 19, 2012 and on up until Jan. 27, 2021.

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. In March, MangaDex was hacked, and a threat actor claimed to have stolen the site's source code and its database, which they said had not been published anywhere.

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.