Threat Actors Are Bypassing MFA and Other Major Cybersecurity Developments You Should Know

TikTok makes sweeping changes to protect teens, Ring starts rolling out E2E, Neuberger officially tapped by Biden transition team, Pentagon halts deployment of $2B cybersecurity project, much more

Consider sharing Metacurity with your friends and colleagues to help them stay on top of the fast-changing cybersecurity sectors. Thank you.


DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said that threat actors bypassed multi-factor authentication (MFA) protocols to compromise cloud service accounts.

CISA thinks they could defeat MFA as part of a 'pass-the-cookie' attack in which attackers hijack an already authenticated session using stolen session cookies to log into online services or web apps. (Sergiu Gatlan / Bleeping Computer)

Related: Reddit - cybersecurityBleeping Computer, US-CERT, TripwireThe State of SecurityInfosecurity MagazineSecurity Affairs, Security MagazineSiliconANGLE

TikTok announced broad and sweeping changes to its privacy settings for teenage users under the age of 18, with the youngest users between the age of 13 and 15 having their default privacy setting on their accounts changed to private. 

Unlike other social media, TikTok is disproportionately used by teens. (Michael Grothaus / Fast Company)

Related CNET - Latest articlesUSA TodayGadgets NowTORONTO STARCity A.M. - Technology9to5MacMashableEngadgetBusiness Insider, CTVNews.caThe IndependentTech XploreCTVNews.caThe IndependentNDTV Gadgets360.comLifehackerMobileSyrup.comThe Verge

The European Court of Justice’s Advocate General Michal Bobek ruled in a preliminary opinion that any EU country can take legal action against companies like Facebook over cross-border violations of data privacy rules, not just the main regulator in charge of the company.

The opinion paves the way for a crush of new data privacy cases across the EU. (Kelvin Chan / Associated Press.)

Related: Channel News AsiaRTENatasha Lomas – TechCrunchCNBC TechnologyThe IndependentTech XploreDevdiscourse News DeskDevdiscourse News Desk

Amazon-owned home surveillance company Ring began rolling out a technical preview of end-to-end encryption on eight cameras, including doorbell, indoor, and outdoor models.

The new encryption addition will prevent even Ring itself from viewing customers’ videos. (Jacob Kastrenakes / The Verge)

Related: EngadgetMacworldPCWorldDigital TrendsTechHiveBusiness Wire Technology News, Fast Company

The Biden transition team officially announced that Anne Neuberger, the National Security Agency’s cybersecurity director, will be joining the administration as deputy national security adviser for cyber and emerging technology.

The team also announced that Elizbeth Sherwood-Randal would become the top homeland security adviser on the council. (Shannon Vavra / Cyberscoop)

Related: AxiosThe Hill: CybersecurityNextgovLawfare,  Defense Daily Network

Italian cybersecurity organization CERTFA said that the Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) attacked targets from all over the world during late-December using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.

Members of think tanks, political research centers, university professors, journalists, and environmental activists were targeted during the attacks. (Catalin Cimpanu / ZDNet)

Related: Reddit - cybersecurityBBC News, CERTFA

Speaking at CES, Microsoft President Brad Smith slammed SolarWinds’ “mass indiscriminate global assault,” saying that the supply chain attack should be a wake-up call for cyber defenders.

Microsoft earlier confirmed that some of its source code was accessed during the hack. (BBC News)

Follow Us on Twitter

Related: Light Reading, Investor's Business DailyCRN

Hardware wallet company Ledger a 10 bitcoin bounty leading to details on the hacker who stole information on 272,000 of its customers during a hack in which 20,000 more user records have been exposed than the company originally estimated.

Ledger is also working with blockchain analytics firm Chainalysis to hunt the hackers. (Benjamin Powers / Coindesk)


Poor test results forced the Pentagon to halt deployment on its classified networks of a $2 billion cybersecurity project known as Joint Regional Security Stack, intended to detect intrusions and prevent attacks.

Testing chief Robert Behler said in a report that the Department of Defense is “unable to help network defenders protect DoD component networks against operationally realistic cyber attacks” using the project. (Anthony Capaccio / Bloomberg News)

Cyber-physical market intelligence platform Premise Data raised $85 million in a Series E funding round, led by WestCap Group with participation from NightDragon, as well as Winslow Capital, DRW, and Vista Credit Partners, and existing investors Valor Equity Partners, 8VC, Tao Capital, Hanover Technology Investment Management, and Atreides Management.

Meanwhile, AI-based IoT security start-up Vdoo raised $25 million in new funding round, with the funding coming from two investors, Israel’’s Qumra Capital and Verizon Ventures. (FinSMEs and Ingrid Lunden / TechCrunch)

Related: Geektime