Home

January 14, 2021

Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers

The software essentially exempted Apple's own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.

The post Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers appeared first on SC Media.

January 14, 2021

Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities

Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.

The post Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities appeared first on SC Media.

January 13, 2021

JumpCloud land $100 million in funding, as secure remote access market continues surge

Over the past two decades, businesses have piled a patchwork of different products and services – multi-factor authentication, single sign-on, identity governance and administration policies and others – on top of their directory. That introduces risk and complexity, says Jumpcloud CEO Rajat Bhargava.

The post JumpCloud land $100 million in funding, as secure remote access market continues surge appeared first on SC Media.

January 13, 2021

Sunspot malware scoured servers for SolarWinds builds that it could weaponize

Software company says 2 customer inquires, in hindsight, appear linked to supply-chain attack

The post Sunspot malware scoured servers for SolarWinds builds that it could weaponize appeared first on SC Media.

January 13, 2021

Digital nationalism and the complexity of emerging threats for multinational companies

Nicolas Reys of Control Risks spoke with SC Media about how companies can position themselves to rebound from a year complicated by the pandemic, climate change challenges and deteriorating U.S.-China relations.

The post Digital nationalism and the complexity of emerging threats for multinational companies appeared first on SC Media.

January 13, 2021

Perils of coding errors play out in Parler slip up

Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.

The post Perils of coding errors play out in Parler slip up appeared first on SC Media.

January 13, 2021

Ubiquiti urges password reset, 2fa after breach

IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…

The post Ubiquiti urges password reset, 2fa after breach appeared first on SC Media.

January 12, 2021

Complexity and cost chip away at SOCs’ perceived return on investment

51% of 17,200 surveyed IT and security practitioners said that
their SOC’s ROI has gotten worse.

The post Complexity and cost chip away at SOCs’ perceived return on investment appeared first on SC Media.

January 12, 2021

SolarWinds attackers suspected in Microsoft authentication compromise

Mimecast issued a new certificate and is urging affected customers to delete the old one after Microsoft warned of a compromise.

The post SolarWinds attackers suspected in Microsoft authentication compromise appeared first on SC Media.