Security News

IBM is working with partners on its Digital Health Pass, which allows for easy sharing of health credentials such as a COVID-19 vaccine or test. IBM's GM Jason Kelley shares details.

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window. Name property has been available for websites to store whatever data they choose to, but such data has often been allowed to leak between sites, essentially allowing for the tracking of users across the pages they visit.

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."

We look at the big-money hacks from the 2021 Pwn2Own competition. We investigate the difficulties of hiring an assassin via the dark web.

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading to the FBI taking Apple to court to force it to crack its own software to reveal the device's contents.

Discussions surrounding how to ensure data privacy have been replaced with conversations on how citizens' data is being used, collected and processed. Generally, regulations should continue to pressure companies - including government entities - to provide adequate cybersecurity measures and follow the principle of least privilege to protect the data they have been entitled to collect or process, including transparency and giving users access to their data.

This agreement brings Semafone into the Avaya ecosystem of alliances, with the goal of helping contact center customers solve the complex security and compliance challenges faced as they embrace a work from anywhere model. The integration of Semafone's, DevConnect certified, secure payment technology with Avaya OneCloud enterprise Session Border Controller, enables Cardprotect Voice+ to be deployed and used across all global Avaya OneCloud contact center solutions.

Auth0 announced that Lucy McGrath has been appointed as the company's first Vice President of Privacy. McGrath is an international data privacy lawyer and will be responsible for enabling Auth0 and its customers to continue to solve dynamic privacy challenges and protect the users and other humans impacted by their work.

Mozilla volunteers have recently been flooded with online merchants and marketers' requests for their domains to be added to what's called a Public Suffix List. Public Suffix List is an initiative of the Mozilla community volunteers to maintain a list of top-level domains and domains that should be treated as one to prevent the mixing of cookies between distinct domains.

The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has taken legal action it hopes will prove that members' personal data does not remain in the possession of the rival International Association of Atheists. The Alliance first came to The Register's attention in February 2021 when a member shared an AAI newsletter that claimed the Association - a body founded by former AAI staffers - had taken a member database and was using it to mail AAI members.