Security News

The incentive for a business to implement a zero-trust architecture should be based on internal mandates, with consideration for how a security breach might impact others outside of the organization. A separate White House memorandum is already pushing critical infrastructure owners and operators to implement baseline security practices to protect national and economic security, as well as public health and safety.

The US Financial Industry Regulatory Authority warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.

Julian Assange has lost a legal scrap in court, this time over the US government's attempt to expand its grounds for extraditing him from England to stand trial in America. Uncle Sam is ultimately hoping to overturn a decision made in January blocking Assange's extradition on mental health grounds.

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

Y Purdy, CSO for Huawei USA, believes the US needs to be more active in the development of global security standards rather than being aloof. "The US has fundamentally dropped the ball when it comes to participation in global security standards," Purdy told The Register.

US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers. The tech giants are among firms signed on to be part of a Joint Cyber Defense Collaborative intended to combine government and private skills and resources to fight hackers, according to the Cybersecurity and Infrastructure Security Agency.

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Financial newswire Reuters reported that the suit was originally filed over allegations that former SolarWinds chief exec Kevin Thompson cut cybersecurity efforts in the hope of driving greater dividends into the pockets of major investors, Silver Lake and Thoma Bravo, who each reportedly held around 40 per cent of SolarWinds' stocks at the time.

DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN. DDoS attack data presented by Atlas VPN found that attackers prefer the United States and the computers and internet sectors as targets. In June 2021 alone, more than a third of DDoS attacks worldwide targeted servers in the U.S. DDoS attacks involve using a massive number of internet-connected machines and devices to flood a target server, rendering it unable to keep up with traffic and either making it unusable or taking it offline.

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.