News Feed

• Google: North Korean hackers have targeted security researchers via social media
  Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media.
• Time to Walk is Apple’s latest Fitness Plus feature that breaks away from staring at a screen
  Go on a walk and listen to stories from celebrities.
• Brazilian government advances process to sell state-owned tech firms
  A consortium of companies including Accenture will be studying alternatives to sell Dataprev and Serpro
• First commercial autonomous bus services hit Singapore roads
  Country's first commercial driverless bus services will run two routes at Singapore Science Park 2 and Jurong Island over a three-month pilot, during which data will be collected to assess the viability of the on-demand service as well as passenger safety and service reliability.
• Browser makers launch new project for writing documentation for Web APIs
  Founding members include the W3C, Google, Microsoft, Mozilla, Samsung Coil, and Igalia
• Microsoft's head of Corporate Strategy Kurt DelBene to leave Microsoft in June
  Microsoft's Kurt DelBene is retiring from the company at the end of its current fiscal year and won't be replaced.
• Pressure rises on IT executives to get their digital acts together
  The majority of IT leaders in a recent survey are concerned about being left behind. Can microservices, containers, and service meshes pave the way to digital transformation quickly and safely?
• Thinkware F200 Pro dash cam review: Unobtrusive camera with driving alerts and superb night vision
  The Thinkware F200 Pro is a really nice unobtrusive dash cam that will alert you to potential dangers, keep your speed as it should be and warn you if your attention starts to wander.
• Dutch COVID-19 patient data sold on the criminal underground
  Two individuals have been arrested in the Netherlands last week for selling data from Dutch COVID-19 systems on Telegram, Snapchat and Wickr.
• That cute robot cop can instantly work out who you are
  They look so friendly, as they roll along your shopping mall. Some, though, are concerned about what robot cops are really up to.
• Best NAS in 2021: Top network-attached storage devices
  If cloud-based servers don't meet all of your storage needs, consider a NAS solution. We selected a handful of devices that passed our reliability torture tests and offer superior usability and feature sets.
• Businesses, be warned: There is 'no guarantee' to the free flow of data from Europe
  The UK's Information Commissioner urged businesses to prepare for the possibility of a no-adequacy decision.
• Apple's MacBook Pro is an expensive joke, says Microsoft
  In a new ad that some might find slightly sneaky, Redmond tries to explain why the Surface Pro 7 is far, far better than Apple's sad little machine,
• NCR signs deal to acquire Cardtronics for $2.5 billion
  NCR plans to use the deal to accelerate its as-a-service strategy and non-hardware revenue.
• ServiceNow launches COVID-19 vaccine management software
  According to ServiceNow, the company is looking to help solve the last mile challenge of vaccine management including distribution, administration and monitoring
• Taboola merges with 'blank check' company, plots NYSE listing and IPO
  The deal gives Taboola an “implied” valuation of $2.6 billion.
• With business model adrift, Loon comes crashing down to Earth
  The demise of the Google(x) moonshot leaves the future of stratospheric internet access in doubt.
• 2021 is the year AR commerce becomes an Actual Reality
  Augmented Reality finds one killer app in driving business revenue through virtual shopping experiences
• This business intelligence and data analysis bundle is only $39.99
  Learn how to extract and utilize data like a pro. Your business will thank you.
• Data of BuyUcoin cryptocurrency exchange traders allegedly leaked online
  A customer update, since removed, claimed the leak was “dummy data.”

• Claroty Discloses Multiple Critical Vulns in Vendor Implementations of Key OT Protocol
  Flaws allow denial-of-service attacks and other malicious activity, vendor says.
• SonicWall Is Latest Security Vendor to Disclose Cyberattack
  The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
• Intel Confirms Unauthorized Access of Earnings-Related Data
  News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
• Why North Korea Excels in Cybercrime
  North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
• DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
  Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
• Breach Data Shows Attackers Switched Gears in 2020
  Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
• Attackers Leave Stolen Credentials Searchable on Google
  Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
• 7 Steps to Secure a WordPress Site
  Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
• Rethinking IoT Security: It's Not About the Devices
  Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
• Microsoft Releases New Info on SolarWinds Attack Chain
  Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
• SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
  During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
• Vulnerabilities in Popular DNS Software Allow Poisoning
  Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
• SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
  Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
• A Security Practitioner's Guide to Encrypted DNS
  Best practices for a shifting visibility landscape.
• Successful Malware Incidents Rise as Attackers Shift Tactics
  As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
• Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
  A new machine learning tool aims to mine privacy policies on behalf of users.
• 'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
  Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
• Businesses Struggle with Cloud Availability as Attackers Take Aim
  Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
• SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
  Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.
• More SolarWinds Attack Details Emerge
  A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.

• Speed of Digital Transformation May Lead to Greater App Vulnerabilities
  The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
• Attackers Leave Stolen Credentials Searchable on Google
  Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
• Cloud Jacking: The Bold New World of Enterprise Cybersecurity
  Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
• 7 Steps to Secure a WordPress Site
  Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
• Vulnerabilities in Popular DNS Software Allow Poisoning
  Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
• The Most Pressing Concerns Facing CISOs Today
  Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
• Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
  Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
• Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
  Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
• When It Comes To Security Tools, More Isn't More
  Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
• Top 5 'Need to Know' Coding Defects for DevSecOps
  Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
• 6 Open Source Tools for Your Security Team
  Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
• Netwrix and Stealthbits Merge to Tackle Data Security
  The combined entity will have a portfolio of security tools designed to identify security risk and recover from incidents.
• Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
  A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
• Reducing the Risk of Third-Party SaaS Apps to Your Organization
  Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
• HelpSystems Acquires Data Security Firm Vera
  The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
• White Ops Announces Its Acquisition
  A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
• Microsoft Ups Security of Azure AD, Identity
  A roundup of Microsoft's recent security news and updates that focus on protecting identity.
• Security as Code: How Repeatable Policy-Driven Deployment Improves Security
  The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
• NSA, CISA Warn of Attacks on Federated Authentication
  While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
• Malicious Browser Extensions for Social Media Infect Millions of Systems
  At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data.

Cyber Security Feed.