Privacy and security experts have signaled their concern over the appointment of Nadine Dorries to the post of digital and culture secretary. This week, Boris Johnson announced the move as part of a major Cabinet reshuffle designed to stamp his authority on government and drive momentum into the next General Election campaign. However, while most of the appointments were well received, question marks have been raised over Dorries’ tech credentials. As secretary of state for digital, culture,…

The US government is urging organizations to patch a newly identified Zoho vulnerability since state-sponsored attackers are actively exploiting it. CVE-2021-4053 is a critical authentication bypass vulnerability affecting REST-based API URLs which could enable remote code execution if exploited, according to the Cybersecurity and Infrastructure Security Agency (CISA). It affects ManageEngine ADSelfService Plus — a self-service password management and single sign-on solution from the online productivity vendor. Zoho released a patch for this bug on September 6, but…

Sadly, online job scams targeting older adults have been an issue for years. However, in a pandemic job market, cybercriminals are working overtime to devise schemes that exploit job seekers’ need for financial security.   According to the Better Business Bureau, Americans lost more than $62 million in employment scams in 2020. In addition, with federal unemployment benefits ending this month, that number is expected to rise as more people head online to look for work.     Online hiring scams can be hard to detect because scammers advertise job opportunities the same way legitimate employers do—via online ads, job…

A dual Irish-American citizen has been sentenced to 27 years in US federal prison for sharing on the dark web millions of images depicting the sexual abuse of children, toddlers and infants.  Dublin resident Eric Eoin Marques was extradited to the United States on March 23, 2019, to face federal criminal charges filed in Maryland on August 8, 2013. On February 6, 2020, 36-year-old Marques pleaded guilty to conspiracy to advertise child pornography on the dark web.  According to…

The United States, United Kingdom and Australia have announced a historic trilateral security and defense agreement. Under the new AUKUS pact, the three nations will cooperate more closely than ever before in several areas that include artificial intelligence, cyber capabilities, quantum computing critical technology, and defense-related industrial bases and supply chains.  The partnership was announced on Wednesday in a joint virtual press conference between US president Joe Biden, UK prime minister Boris Johnson, and Australian prime minister…

The United States Federal Trade Commission (FTC) has warned the developers of health apps and connected devices that they must disclose data breaches to consumers or face a fine. In a policy brief issued Wednesday, the Commission clarified that healthcare apps that collect or use consumers’ health information are subject to the Health Breach Notification Rule requiring entities not covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to notify consumers when their health…

By Vinay Pidathala, Director of Security Research, Menlo Security Cybersecurity is never straightforward. While defense techniques, technologies, policies and methodologies continue to evolve at pace, such defenses often trail in the wake of novel cyber attacks that seek out and exploit vulnerabilities in new ways, catching security teams off guard. Indeed, recent times have provided many headaches for security professionals; Cybersecurity Ventures reveals that cyber attacks in 2021 will amount to a collective cost of…