News Feed

• ATO wants to make it easier for businesses to receive emails and notifications
  The Australian Taxation Office is on the hunt for a service provider to deliver an email service so businesses only have to access one inbox to receive updates.
• NSW government lowers assessment threshold to speed up data centre approval
  Getting the tick of approval from the NSW government to build a data centre in the state just got a lot easier.
• Zero trust, basic cyber hygiene best defence against third-party attacks
  Rather than entrust third-party suppliers to keep their supply chain secured, organisations should adopt a zero trust security strategy and establish basic cyber hygiene to safeguard their data.
• Growing reliance on third-party suppliers signals increasing security risks
  Adversaries are turning their focus on cheaper, easier targets within an organisation's supply chain, especially as businesses increasingly acquire software from external suppliers.
• Australian ministers agree to work on national digital identity and data sharing
  A meeting held by Australia's federal and state data and digital ministers revealed work is being undertaken to make a national identity program a reality.
• WordPress could treat Google FloC as a security issue
  An idea is being floated to backport FLoC blocking code to existing WordPress users.
• Can OnePlus be more than a challenger brand?
  OnePlus 9 and OnePlus 9 Pro are strong contenders in the Android smartphone market and the devices surged in 2020 across multiple price points. But distribution beyond T-Mobile and AT&T 5G certification are critical for more upside.
• United Airlines said it was just PR. The CDC says airlines are full of it
  Thinking of recommencing business travel? The CDC would like you to consider that airlines may not be the greatest purveyors of Covid-related science.
• DevOps for the business: enter 'value stream management' for enterprise software woes
  DevOps 2.0? Value stream management may be the 'next generation of DevOps,' providing more visibility into what matters to the business.
• Chick-fil-A wants you to spend $2 not to go to Chick-fil-A
  If you have a reputation for excellent customer service, is more technology the best way forward? It seems Chick-fil-A thinks it is.
• Readers pick the most annoying iPhone bug
  No, it's not the notifications bug. It's not even poor battery life!
• Brazilian authorities urged to act on WhatsApp privacy update
  Consumer protection body Idec notified several organizations with unanswered questions over privacy rights and data protection.
• What to expect at Apple's April 20 'Spring Loaded' iPad Pro event
  Invites to Apple's first keynote of 2021 are out where we expect Apple to announce new iPad Pros, an Apple TV and maybe AirTags.
• Microsoft takes a step toward unifying its Edge codebase across all platforms
  Microsoft is making available a new and different version of the new Edge browser to Canary channel testers on Android.
• StormForge survey finds you can waste a lot of money deploying Kubernetes to the cloud
  A great deal of time and money is wasted on the cloud with poorly done Kubernetes implementations.
• Dell divests VMware: Investors cheer, but what does it mean for customers?
  Dell Technologies just announced the expected spin-out of that 80% ownership, making VMware a fully independent company. This move is good for investors, but we analyze if it is good for customers.
• Practical 3D printing: The importance of filament runout sensors
  Here's a simple feature that can save you time and money, especially for large 3D prints.
• Mophie Powerstation Go Rugged lineup announced: Jumper cable output, flashlight are perfect for emergencies
  Mophie is known for smartphone and portable power packs, but its newest line of Powerstation Go Rugged batteries offer the ultimate in portable power. Functions include a high-powered flashlight, air compressor, AC supply, and more to make these battery accessories perfect for the car, home, or office.
• First multi-node quantum network paves the way for the quantum internet
  Researchers in the Netherlands have established an entanglement-based network between three quantum processors for the first time.
• Cat S62 Pro smartphone with thermal imaging and ultra-rugged design launches in the US
  The Cat S62 Pro launched in Europe last fall, but was launched today the US market for $699. This rugged phone is built to withstand all that field workers throw at it with the additional FLIR thermal imaging capability.

• Pandemic Drives Greater Need for Endpoint Security
  Endpoint security has changed. Can your security plan keep up?
• High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
  Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
• Software Developer Arrested in Computer Sabotage Case
  Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
• US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
  Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
• 6 Tips for Managing Operational Risk in a Downturn
  Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
• Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
  There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
• CISA Urges Caution for Security Researchers Targeted in Attack Campaign
  The agency urges researchers to take precautions amid an ongoing targeted threat campaign.
• FBI Operation Remotely Removes Web Shells From Exchange Servers
  A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.
• DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
  Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
• Compromised Microsoft Exchange Server Used to Host Cryptominer
  Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server.
• Dark Reading to Upgrade Site Design, Performance
  Improvements will make site content easier to navigate, faster, and more functional.
• Clear & Present Danger: Data Hoarding Undermines Better Security
  Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
• Microsoft Warns of Malware Delivery via Google URLs
  A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.
• Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy
  Jerome Powell tells 60 Minutes that cyberattacks have the potential to do major damage to US financial system.
• Microsoft Uses Machine Learning to Predict Attackers' Next Steps
  Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move.
• New Malware Downloader Spotted in Targeted Campaigns
  Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
• Omdia Research Spotlight: XDR
  Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
• CISA Launches New Threat Detection Dashboard
  Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
• 600K Payment Card Records Leaked After Swarmshop Breach
  A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
• Handcuffs Over AI: Solving Security Challenges With Law Enforcement
  We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.

• Nation-State Attacks Force a New Paradigm: Patching as Incident Response
  IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
• Dependency Problems Increase for Open Source Components
  The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.
• NSA Alerted Microsoft to New Exchange Server Vulnerabilities
  Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day.
• Dark Reading to Upgrade Site Design, Performance
  Improvements will make site content easier to navigate, faster, and more functional.
• 5 Objectives for Establishing an API-First Security Strategy
  With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
• New Malware Downloader Spotted in Targeted Campaigns
  Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
• Wake Up and Smell the JavaScript
  The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
• Unofficial Android App Store APKPure Infected With Malware
  The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
• Cring Ransomware Used in Attacks on European Industrial Firms
  Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
• Cartoon Caption Winner: Something Seems Afoul
  And the winner of Dark Readings's March cartoon caption contest is ...
• Security Falls Short in Rapid COVID Cloud Migration
  The quick pivot to the cloud for remote support also ushered in risks.
• Crime Service Gives Firms Another Reason to Purge Macros
  Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.
• NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
  Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
• LinkedIn Phishing Ramps Up With More-Targeted Attacks
  Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
• Kaspersky Uncovers New APAC Cyberespionage Campaign
  A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.
• NIST Publishes Guide for Securing Hotel Property Management Systems
  These sensitive systems store guests' personal data and payment-card information.
• The Role of Visibility in Securing Cloud Applications
  Traditional data center approaches aren't built for securing modern cloud applications.
• 3 Ways Vendors Can Inspire Customer Trust Amid Breaches
  As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
• What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
  A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
• In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
  Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.

Cyber Security Feed.