Security News

Even if an organization has already brought its password policy in line with NIST's recommendations, it is a good idea to periodically revisit those recommendations since they do change over time. Not surprisingly, NIST no longer recommends scheduled password changes.

Google has expanded its policies to allow doxxing victims to remove more of their personally identifiable information from search engine results starting earlier this week. While people already had the option to request the removal of personal data that could be used in financial fraud, such as credit card and bank account info, before this update, Google now also allows demands to delete contact information.

Policies must be written to account for this, and the strongest policies are built on an authorization model that is orchestrated in nature. An orchestrated and centralized approach to authorization builds dynamic and fine-grained access control policies that meet the demands of modern security strategies including zero trust.

Google has announced several key policy changes for Android application developers that will increase the security of users, Google Play, and the apps offered by the service. These new developer requirements will take effect between May 11th through November 1st, 2022, giving developers enough time to adjust to the new changes.

The US State Department this week launched an agency responsible for developing online defense and privacy-protection policies and direction as the Biden administration seeks to integrate cybersecurity into America's foreign relations. "The last few years have made evident how vital cybersecurity and digital policy are to America's national security," said Secretary of State Antony Blinken during a ribbon-cutting ceremony for the new Bureau of Cyberspace and Digital Policy.

Microsoft has released a new Windows 11 build with a long list of changes, improvements, and fixes for known issues, available for all Windows Insiders that will install the Windows 11 Insider Preview Build 22579 pushed to the Dev Channel. The build's highlight is a new policy for Windows admins who want to exclude USB removable drives from BitLocker encryption.

A Register reader has raised concerns over UK ISP Virgin Media's password policies after discovering he couldn't set a password longer than 10 characters or one that includes non-alphanumeric characters. "I am having a running battle with a hacker who is able to crack a 10-character password used for Virgin or Virginmedia email in less than a day," Nick complained, saying the attacker was setting up auto-forward rules to divert his emails as well as being able to guess newly reset passwords within a day.

Nirmata announced a report that features an analysis of the current cloud native policy management market adoption, including the technologies used and the challenges that organizations face. The survey highlights that nearly 50 percent of users in cloud native environments have adopted some level of policy management solution in their Kubernetes environment.

To select a suitable policy automation solution for your business, you need to think about a variety of factors. The policy automation solution should easily expand as new network and cloud security controls are added.

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.