News

The Hacker News has reported that newly discovered bugs in VSCode Extensions could lead to supply chain attacks. The severe security flaws uncovered in the popular Visual Studio Code extensions could enable attackers to compromise local machines and build/deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions can also be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some...

Nearly half of firms aren't reporting data breaches, which is a problem since GDPR demands businesses who suffered a breach to report it within 72 hours. However, new figures from cybersecurity firm CrowdStrike suggest many British firms aren’t reporting data breaches in a timely manner, as is required per General Data Protection Regulation (GDPR). Crowdstrike polled 500 decision-makers from the UK and found that less than half (42 percent) of those that had fallen victim...

According to Bleeping Computer, VMware is warning of a critical bug affecting all vCenter Server installs and the company is urging its customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. "These updates fix a critical security vulnerability, and it needs to be considered at once," said Bob Plankers, Technical Marketing Architect at VMware. "This vulnerability can be used by anyone...

In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021. According to the report, the severe disruptions caused by these attacks has been noted by organisations, along with the requirement to bolster defences against cyberattacks. In fact, over two-thirds are set to...

One Identity has announced the availability of its Active Roles and Password Manager products in a software-as-a-service (SaaS) delivery model. The company also announced a new SaaS-delivered solution, Starling CertAccess, which delivers access request and access certification to help organisations leverage Active Directory (AD) and Azure Active Directory (AAD) in the enterprise. This announcement, coupled with the company’s previous news that its Identity Manager and Safeguard products are now available as SaaS offerings, is the...

Bleeping Computer has reported that audio maker Bose disclosed a data breach after ransomware attack that hit the company's systems in early March. A breach notification letter filed with New Hampshire's Office of the Attorney General by Bose stated the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."   Trevor Morgan, product manager at Comforte AG, said: "In ransomware attacks like the one affecting Bose in March, we...

The EU’s General Data Protection Regulation (GDPR) turns three today and since its launch in 2019, hundreds of millions of euros worth of fines have been handed out to companies of the likes of British Airways, Marriott International Hotels, and even Google. But not everyone thinks this piece of legislation is living up to the hype. Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation...

Apple has released its macOS Big Sur 11.4 that expands support for external GPUs, fixes bugs in Safari and more. In addition, this update also makes the system more secure by patching an exploit that let sneaky malware take screenshots without the user being aware.  Jamf, an Apple-focused mobile device management company, reported that the XCSSET malware was using an exploit to take screenshots of Mac computers without asking for any permission. The malware targets...

In conversations with our customers, it’s very clear that organisations need to establish a comprehensive view of their IT asset infrastructure because you can’t secure what you don’t know or can’t see. But that comprehensive view needs to be specific to the security team, which has a different role than IT teams concerned with inventory, software support and license oversight. Security teams that rely on asset inventory from their IT counterparts are challenged by a...

City police opened 50 per cent more Covid loan fraud probes in February, according to a City AM report. It noted that the City of London police had begun more investigations into fraud connected to the government’s Bounce Back Loan scheme (BBLs) in February than the prior month. In fact, police opened 26 fraud probes in relations to BBLs in February, up from 17 in January, and a further 28 in March- according to international...