Security News

He also identified flaws in the way frame aggregation - combining multiple network data frames - and frame fragmentation - splitting network data frames into smaller pieces - are implemented that magnify the impact of potential attacks. The 802.11 frame aggregation flaw involves flipping an unauthenticated flag in a frame header, which allows the encrypted data payload to get parsed as if it were multiple aggregated frames instead of a simple network packet.

An entity claiming to represent ransomware gang REvil says it has accessed "Large quantities of confidential drawings and gigabytes of personal data" from Quanta Computer Incorporated, a Taiwanese manufacturer that builds laptops and other gadgets for the likes of Apple, HPE, Lenovo, Cisco, and plenty of other top-tier tech companies. REvil said it is "Negotiating the sale" of the trove "With several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m. The post announcing the alleged crack includes technical drawings of a laptop that bear Apple's logo.

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

Last month, Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts for the Chrome browser and ad serving websites. FLoC has been criticized by the Electronic Frontier Foundation and outright rejected by makers of Vivaldi and Brave browsers for its debatable claim of being a privacy-preserving technology.

America's plan to compete with China includes a call for the land of the free to dominate tech standards bodies, especially for 5G, and to appoint an ambassador level official to lead a new "Technology Partnership Office" that Washington will use to drive tech collaboration among like-minded nations. Released last Thursday by the Senate Foreign Relations Committee, and expected to have bipartisan support, the draft Strategic Competition Act of 2021 offers 281 pages of policy aimed at "Ensuring the United States is postured to compete with China for decades to come," in the words of ranking member US Senator Jim Risch.

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.

Scott Matteson: How is technology being used for money laundering efforts? Gudmundur Kristjansson: Money laundering begins when illegal sums are deposited in a bank, which triggers a complex sequence of banking transfers or commercial transactions that return the money to the launderer in an obscure and indirect way.

When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme. Chrome 90 will make HTTPS the default for first time website visits where no transport has been declared.

Britain plans to cut the size of its army and boost spending on drones, robots and a new "Cyber force" under defense plans announced by the government on Monday. Defense Secretary Ben Wallace said the British Army would shrink from 76,500 soldiers to 72,500 by 2025.

RingCentral announced the acquisition of the technology and engineering team at Kindite. The new technology will be incorporated into RingCentral's global communications platform, providing customers with enhanced security capabilities including end-to-end encryption.