Security News

Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months. The incident disrupted healthcare customers, forcing NHS 111 medical services operators, for example, to revert back to pen and paper as digital services went AWOL, sources told us at the time.

SolarWinds unveils the results of its survey examining the state of the technology job market amid industry-wide labor shortages and hiring challenges. Released to coincide with the eighth-annual IT Pro Day holiday, the survey found despite a potential economic downturn, more than two-thirds of tech and IT professionals surveyed said they're completely confident in their career choices.

An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams. App subdomains to host their scam pages within a single day.

Today's requirements [PDF] stem from US President Joe Biden's cybersecurity executive order from May 2021, which was in response to the SolarWinds disaster and other high-profile software supply chain meddling. This is essentially a guarantee from the vendor that their product meets minimum NIST standards for secure software development.

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.

China will conduct a three month blitz to cleanse the local internet of "Rumors and false information". The nation's Cyberspace Administration last Friday announced the plan, which calls for local tech companies to improve their ability to identify the source of rumors and fake news, then punish account-holders who share it with warnings, bans, and permanent suspensions.

"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," the makers of the popular password manager LastPass announced on Thursday, but reassured users that the Master Passwords securing their password vaults are safe. LastPass says that they detected the breach two weeks ago, but that they haven't discovered evidence of the attacker gaining access to customer data in their production environment or encrypted password vaults.

TL;DR: Users were instructed to remain calm and update iOS to version 15.6.1 and the latest versions of Monterey, Big Sur and Catalina. Cookie theft threat: When multi-factor authentication is not enough.

A new report from Deloitte finds that the plethora of devices-and the work involved in managing them-is resulting in ongoing issues of tech fatigue and screen overload. Twenty-four percent of consumers said they're overwhelmed by the devices and subscriptions they need to manage, down from 32% last year. More than half of those surveyed are worried about the security vulnerability of their smartphones and smart home devices; 40% of users are concerned about data security on their smartwatches and fitness trackers.

Digitalization and rising consumer expectations are having a major impact on the working conditions of the technology teams sustaining the digital operations that drive the modern economy, and burnout and attrition are on the rise, according to PagerDuty. Technical employees are more likely to leave certain kinds of teams based on after-hours expectations and inconsistent workloads.