Security News > 2020 > May

Over the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. The newly identified security issues specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, a component that stores corporate data behind the firewall.

Hey pirates, is your ISP named Charter Communications? Charter Communications, an ISP in the US, has been ordered to hand over personally identifying information for over 11,000 alleged pirates.

A proof-of-concept exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service attacks. OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSL_check_chain function.

For clarity, DigiCert CT log 2 was deemed unsafe due to the vulnerability. Writing in a forum for Certificate Transparency, DigiCert veep of business development, Jeremy Rowley, assured users that "All other DigiCert CT logs are uneffected [sic] as they run on separate infrastructure."

If you own a Xiaomi smartphone or have installed the Mi browser app on any other brand of Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro and Mint Browser after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.

The operating system does allow software, such as the NHS tracing app, to run in a special mode so that it can announce itself to nearby iPhones and iPads via Bluetooth, and listen out for copies of itself on other devices, even when in the background. It is literally impossible to broadcast the UUID needed for the app to work without the screen on and the app in the foreground.

Overlooked access rights are one of the most unnoticed security threats your organization can face - and it's less of a stone and more of a somehow-overlooked, but ever-looming mountain. Your employees need access to certain resources to do their job, but if they acquire "too much" access, then they actually become a security risk.

With a third of the population currently working remotely and great uncertainty regarding when this situation is going to change, organizations must shift their business operations to support long-term remote working. According to a recent Gartner survey, the biggest barrier to effective remote work is poor technology and/or infrastructure for remote work.