Security News

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms and walk away with over six-figures in bug bounty rewards. Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms and walk away with over six-figures in bug bounty rewards. Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.

For globally operating tech companies, these developments point to a future where data privacy will become a compliance minefield. With an incoming Vice President who has a strong record of promoting consumer privacy protection legislation and a substantial political mandate for change, more stringent privacy laws are a question of when rather than if.

A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores. Industrial cybersecurity company, Claroty, has released its biannual industrial control systems risk and vulnerability report, which found that the number of reported vulnerabilities increased by 25% when compared to 2019, with critical infrastructure areas like manufacturing, energy, water, and commercial facilities being most affected.

European companies that accelerate both their digital and sustainability transitions are likely to recover faster and emerge stronger from the COVID-19 crisis, according to a report from Accenture. The report indicates that companies leading in both digital adoption and sustainable practices are nearly three times more likely than other companies to be among "Tomorrow's leaders," thereby recovering faster and emerging stronger from the crisis.

President Brad Smith said that national security is threatened by the industry's inability to learn lessons from the past.

Former ADT employee Telesforo Aviles took note when there were attractive women at a home he serviced in the Dallas area. Aviles admitted to regularly adding his own email address to customers' ADT Pulse accounts so he could watch customers in real time without them knowing.

TechRepublic will be reporting on all of the CES 2021 tech news that business pros need to know. CES 2021 wrap up: How enterprise tech makes all those smart toilets and robots possibleFrom smart toilets and disinfecting robots to transparent OLED displays and sleep tech, CES 2021 was a showcase for the latest innovations in consumer and enterprise technology.

"I think the stars are better aligned than ever in the past," Keith Enright, Google's chief data privacy office, told a discussion Tuesday on trust and privacy. The European Union's General Data Protection Regulation, which has applied since May 2018, has largely contributed to making consumers aware of the issues related to the data that they submit to large digital platforms on a daily basis.