Security News

Former Brave chief policy officer Johnny Ryan is continuing his crusade against the online advertising industry by filing a lawsuit against Google, Facebook, Amazon, Twitter, and US telco AT&T in Germany. Ryan's latest campaign organisation, the Irish Council for Civil Liberties, said in a statement that online advertising amounts to "The Biggest. Data. Breach. Ever" and accusing internet adland of compiling "Secret dossiers" on every single netizen.

Essentially, FLoC allows marketers to guess users' interests without having to uniquely identify them, thereby eliminating the privacy implications associated with tailored advertising, which currently relies on techniques such as tracking cookies and device fingerprinting that expose users' browsing history across sites to advertisers or ad platforms. FLoC sidesteps the cookie with a new "Cohort" identifier wherein users are bucketed into clusters based on similar browsing behaviors.

Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft's products into Expel Workbench, along with other third-party signals you have in place.

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

The Republic of Korea took two bold steps into the future on Tuesday, by announcing that the last of its 2G networks will go offline in June and that it will initiate large-scale adoption of communications protected by quantum encryption. The quantum tests will build on demos conducted in 2020, but this time South Korea's government hopes to involve multiple industries and to educate them on the benefits of the tech and how to adopt it.

As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole.

How far the company, Colonial Pipeline, went to address the vulnerabilities isn't clear. Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

He also identified flaws in the way frame aggregation - combining multiple network data frames - and frame fragmentation - splitting network data frames into smaller pieces - are implemented that magnify the impact of potential attacks. The 802.11 frame aggregation flaw involves flipping an unauthenticated flag in a frame header, which allows the encrypted data payload to get parsed as if it were multiple aggregated frames instead of a simple network packet.

An entity claiming to represent ransomware gang REvil says it has accessed "Large quantities of confidential drawings and gigabytes of personal data" from Quanta Computer Incorporated, a Taiwanese manufacturer that builds laptops and other gadgets for the likes of Apple, HPE, Lenovo, Cisco, and plenty of other top-tier tech companies. REvil said it is "Negotiating the sale" of the trove "With several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m. The post announcing the alleged crack includes technical drawings of a laptop that bear Apple's logo.

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.