- ATO wants to make it easier for businesses to receive emails and notifications
  The Australian Taxation Office is on the hunt for a service provider to deliver an email service so businesses only have to access one inbox to receive updates.
- NSW government lowers assessment threshold to speed up data centre approval
  Getting the tick of approval from the NSW government to build a data centre in the state just got a lot easier.
- Zero trust, basic cyber hygiene best defence against third-party attacks
  Rather than entrust third-party suppliers to keep their supply chain secured, organisations should adopt a zero trust security strategy and establish basic cyber hygiene to safeguard their data.
- Growing reliance on third-party suppliers signals increasing security risks
  Adversaries are turning their focus on cheaper, easier targets within an organisation's supply chain, especially as businesses increasingly acquire software from external suppliers.
- Australian ministers agree to work on national digital identity and data sharing
  A meeting held by Australia's federal and state data and digital ministers revealed work is being undertaken to make a national identity program a reality.
- WordPress could treat Google FLoC as a security issue
  An idea is being floated to backport FLoC blocking code to existing WordPress users.
- Can OnePlus be more than a challenger brand?
  OnePlus 9 and OnePlus 9 Pro are strong contenders in the Android smartphone market and the devices surged in 2020 across multiple price points. But distribution beyond T-Mobile and AT&T 5G certification are critical for more upside.
- United Airlines said it was just PR. The CDC says airlines are full of it
  Thinking of recommencing business travel? The CDC would like you to consider that airlines may not be the greatest purveyors of Covid-related science.
- DevOps for the business: enter 'value stream management' for enterprise software woes
  DevOps 2.0? Value stream management may be the 'next generation of DevOps,' providing more visibility into what matters to the business.
- Chick-fil-A wants you to spend $2 not to go to Chick-fil-A
  If you have a reputation for excellent customer service, is more technology the best way forward? It seems Chick-fil-A thinks it is.
- Readers pick the most annoying iPhone bug
  No, it's not the notifications bug. It's not even poor battery life!
- Brazilian authorities urged to act on WhatsApp privacy update
  Consumer protection body Idec notified several organizations with unanswered questions over privacy rights and data protection.
- What to expect at Apple's April 20 'Spring Loaded' iPad Pro event
  Invites to Apple's first keynote of 2021 are out where we expect Apple to announce new iPad Pros, an Apple TV and maybe AirTags.
- Microsoft takes a step toward unifying its Edge codebase across all platforms
  Microsoft is making available a new and different version of the new Edge browser to Canary channel testers on Android.
- StormForge survey finds you can waste a lot of money deploying Kubernetes to the cloud
  A great deal of time and money is wasted on the cloud with poorly done Kubernetes implementations.
- Dell divests VMware: Investors cheer, but what does it mean for customers?
  Dell Technologies just announced the expected spin-out of that 80% ownership, making VMware a fully independent company. This move is good for investors, but we analyze if it is good for customers.
- Practical 3D printing: The importance of filament runout sensors
  Here's a simple feature that can save you time and money, especially for large 3D prints.
- Mophie Powerstation Go Rugged lineup announced: Jumper cable output, flashlight are perfect for emergencies
  Mophie is known for smartphone and portable power packs, but its newest line of Powerstation Go Rugged batteries offers the ultimate in portable power. Functions include a high-powered flashlight, air compressor, AC supply, and more to make these battery accessories perfect for the car, home, or office.
- First multi-node quantum network paves the way for the quantum internet
  Researchers in the Netherlands have established an entanglement-based network between three quantum processors for the first time.
- Cat S62 Pro smartphone with thermal imaging and ultra-rugged design launches in the US
  The Cat S62 Pro launched in Europe last fall, but was launched today in the US market for $699. This rugged phone is built to withstand all that field workers throw at it with the additional FLIR thermal imaging capability.

- Pandemic Drives Greater Need for Endpoint Security
  Endpoint security has changed. Can your security plan keep up?
- High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
  Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
- Software Developer Arrested in Computer Sabotage Case
  Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
- US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
  Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service in carrying out the attacks.
- 6 Tips for Managing Operational Risk in a Downturn
  Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
- Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
  There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
- CISA Urges Caution for Security Researchers Targeted in Attack Campaign
  The agency urges researchers to take precautions amid an ongoing targeted threat campaign.
- FBI Operation Remotely Removes Web Shells From Exchange Servers
  A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.
- DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
  Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
- Compromised Microsoft Exchange Server Used to Host Cryptominer
  Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server.
- Dark Reading to Upgrade Site Design, Performance
  Improvements will make site content easier to navigate, faster, and more functional.
- Clear & Present Danger: Data Hoarding Undermines Better Security
  Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
- Microsoft Warns of Malware Delivery via Google URLs
  A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.
- Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy
  Jerome Powell tells 60 Minutes that cyberattacks have the potential to do major damage to US financial system.
- Microsoft Uses Machine Learning to Predict Attackers' Next Steps
  Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move.
- New Malware Downloader Spotted in Targeted Campaigns
  Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
- Omdia Research Spotlight: XDR
  Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
- CISA Launches New Threat Detection Dashboard
  Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
- 600K Payment Card Records Leaked After Swarmshop Breach
  A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
- Handcuffs Over AI: Solving Security Challenges With Law Enforcement
  We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.

- Nation-State Attacks Force a New Paradigm: Patching as Incident Response
  IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
- Dependency Problems Increase for Open Source Components
  The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.
- NSA Alerted Microsoft to New Exchange Server Vulnerabilities
  Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day.
- 5 Objectives for Establishing an API-First Security Strategy
  With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
- Wake Up and Smell the JavaScript
  The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
- Unofficial Android App Store APKPure Infected With Malware
  The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
- Cring Ransomware Used in Attacks on European Industrial Firms
  Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
- Cartoon Caption Winner: Something Seems Afoul
  And the winner of Dark Reading's March cartoon caption contest is ...
- Security Falls Short in Rapid COVID Cloud Migration
  The quick pivot to the cloud for remote support also ushered in risks.
- Crime Service Gives Firms Another Reason to Purge Macros
  Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.
- NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
  Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
- LinkedIn Phishing Ramps Up With More-Targeted Attacks
  Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
- Kaspersky Uncovers New APAC Cyberespionage Campaign
  A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.
- NIST Publishes Guide for Securing Hotel Property Management Systems
  These sensitive systems store guests' personal data and payment-card information.
- The Role of Visibility in Securing Cloud Applications
  Traditional data center approaches aren't built for securing modern cloud applications.
- 3 Ways Vendors Can Inspire Customer Trust Amid Breaches
  As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
- What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
  A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
- In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
  Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Cyber Security Feed.