International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT) Asiacrypt 2021, the 27th Annual International Conference on the Theory and Applications of Cryptology and Information Security, will take place in Virtual on December 6-10, 2021. The conference is organized by the International Association for Cryptologic Research (IACR). Original research papers on all aspects of cryptology are solicited for submission. The proceedings will be published by Springer in the LNCS series.

Annual Computer Security Applications Conference (ACSAC) December 6-10, 2021 | Virtual | https://www.acsac.org/

4th IEEE International Symposium on Future Cyber Security Technologies (FCST 2021) In conjunction with The 8th International Conference on Internet of Things: Systems, Management and Security (IoTSMS 2021) Gandia, Spain | December 6-9, 2021 (Virtual) | http://emergingtechnet.org/FCST2021/

  IEEE International Conference on Parallel and Distributed Systems (ICPADS) 14-16 December 2021 | Beijing | http://ieee-icpads.net/2021/

The 4th International Symposium on Future Cyber Security Technologies (FCST 2021) December 6-9, 2021 | Gandia, Spain | http://emergingtechnet.org/FCST2021/ In conjunction with  The 8th International Conference on Internet of Things: Systems, Management and Security (IoTSMS 2021)

33rd International Conference on Microelectronics (ICM 2021) December 19-22 | Cairo, Egypt | https://www.icmieee2021.org/

CISA warning for water and wastewater facilities On October 14, 2021, the U.S. Cybersecurity Infrastructure and Security Agency (CISA) issues a warning for possible ransomware attacks trying to compromise water and wastewater facilities. When successful, clean water, potable water, and wastewater management all all at risk. These systems are often vulnerable because of outdated operating systems and software and not implementing security updates.

This week’s massive Facebook outage that was felt across all it’s platforms including Instagram and WhatsApp and lasted over six hours was likely caused by a faulty configuration change on the backbone routers that coordinate network traffic between data centers. It took so long to revive the service because the outage also disabled Facebook’s internal tools and systems used for daily operations.

Google’s Threat Analysis Group found that threat actors have recently used a new trick of code signing to avoid detection on Windows systems and have notified Microsoft of their findings. OpenSUpdater operations had used legitimate code-signing certificates. The hackers used invalid signature—edited with an End of Content marker replacing a NULL tag. While some security products detect this as invalid—Windows operating systems treated the signatures as valid. https://www.securityweek.com/google-says-threat-actors-using-new-code-signing-tricks-evade-detection

In an effort to strengthen security for Microsoft users, the company is now rolling out a way to access Microsoft accounts such as Microsoft 365, Teams, Outlook, OneDrive, and Family Safety without passwords. The feature is available after linking users' accounts to an authenticator app and turning on the Passwordless Account setting under Advanced Security Options-Additional Security Options. They can use Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or Email.