If your online life revolves around Gmail, Chrome, and other Google software and services, your Google account is one of your most precious online resources. That’s especially true if you use the Gmail address associated with that account as your primary email address.
An online criminal who gets hold of those credentials can cause chaos and do catastrophic damage to your online life, which is why it’s important to protect your Google account from being compromised.
The data regulator for the German state of Lower Saxony has fined a local laptop retailer a whopping €10.4 million ($12.5 million) for keeping its employees under constant video surveillance for the past two years without a legal basis.
The Linux Mint project patched a security flaw this week that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops.
This particularly nasty security flaw was discovered by two kids playing on their dad’s computer, according to a bug report on GitHub.
"A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere while I was standing behind them looking at them play," wrote a user identifying themselves as robo2bobo.
According to the bug report, the two kids pressed random keys on both the physical and on-screen keyboards, which eventually led to a crash of the Linux Mint screensaver, allowing the two access to the desktop.
"I thought it was a unique incident, but they managed to do it a second time," the user added.
The US National Security Agency published a guide today on the benefits and risks of encrypted DNS protocols, such as DNS-over-HTTPS (DoH), which have become widely used over the past two years.
The US cybersecurity agency warns that while technologies like DoH can encrypt and hide user DNS queries from network observers, they also have downsides when used inside corporate networks.
"DoH is not a panacea," the NSA said in a security advisory published today, claiming that the use of the protocol gives companies a false sense of security, echoing many of the arguments presented in a ZDNet feature on DoH in October 2019.
The NSA said that DoH does not fully prevent threat actors from seeing a user’s traffic and that when deployed inside networks, it can be used to bypass many security tools that rely on sniffing classic (plaintext) DNS traffic to detect threats.
An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.
"Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect," said CERTFA, a cybersecurity organization specialized in tracking Iranian operations.
"The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents," it added.
CERTFA said it detected attacks targeting members of think tanks, political research centers, university professors, journalists, and environmental activists.
The victims were located in countries around the Persian Gulf, Europe, and the US.
Secretary of State Mike Pompeo announced on Thursday the creation of a new bureau inside the US Department of State dedicated to addressing cybersecurity as part of the US’ foreign policy and diplomatic efforts.
The new bureau will be named the Bureau of Cyberspace Security and Emerging Technologies (CSET).
The CSET bureau will lead US government diplomatic efforts on a wide range of international cyberspace security and emerging technology policy issues that affect US foreign policy and national security, including securing cyberspace and critical technologies, reducing the likelihood of cyber conflict, and prevailing in strategic cyber competition, the State Department said yesterday.
Efforts to get the bureau on its feet began in June 2019, as a replacement for a previous office tasked with addressing cyber-security policies as part of US foreign diplomatic efforts, which had been shuttered as part of a reorganization in the summer of 2017, under Secretary of State Rex Tillerson.
The United States Judiciary has announced an audit of its systems, following concerns that its case file system has been compromised.
In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents, particularly sealed filings.