Security News > 2020 > August

Zyxel receives OnGo certification for its high-power LTE-A outdoor router by the CBRS Alliance
2020-08-31 23:30

Zyxel Communications announced the receipt of OnGo certification for its high-power LTE7485-S905 4G LTE-A outdoor router by the CBRS Alliance. For service providers, OnGo certification brings interoperability to multi-vendor, large-scale deployments, thus enabling best-of-breed solutions at competitive costs.

Critical vuln that lets miscreants hijack computers via Slack? *Sucks in air* We'll give you $1,750 for it
2020-08-31 21:28

A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app. Back in January, Oskars Vegeris, a security engineer at Evolution Gaming, privately reported to Slack, via bug bounty program HackerOne, a remote code execution vulnerability affecting versions 4.2 and 4.32 of its desktop apps for Linux, macOS, and Windows.

The best developer-centric security products
2020-08-31 21:25

Check out this guide of the best developer-centric security products. From HashiCorp to Snyk to oso, we're finally seeing security embrace the developer class, and it couldn't have come at a more opportune time.

Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
2020-08-31 19:45

Apple accidentally approved one of the most popular Mac malware threats - OSX.Shlayer - as part of its security notarization process. Security researchers Peter Dantini and Patrick Wardle recently discovered that Apple inadvertently notarized malicious payloads that were utilized in a recent adware campaign.

Charming Kitten Returns with WhatsApp, LinkedIn Effort
2020-08-31 18:46

The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. To lend verisimilitude to their impersonations, the cybercriminals also set up fake LinkedIn profiles corresponding to the journalists' names, and have been sending out LinkedIn messages to corner victims as well.

Slack Pays Bounty for Critical Vulnerability in Desktop App
2020-08-31 18:34

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack's desktop apps for macOS, Linux, and Windows.

Chinese Researcher Arrested for Destroying Evidence of Data Transfer to China
2020-08-31 17:35

A Chinese national was arrested in the United States for destroying evidence of possible transfer of sensitive data to China. The man, Guan Lei, 29, was a researcher at the University of California, Los Angeles, and was staying in the U.S. on a J-1 non-immigrant visa.

Microsoft, Oracle, and Google top list of companies with most vulnerabilities disclosed in Q2
2020-08-31 16:47

The number of vulnerabilities being disclosed by major technology companies is returning to normal levels after a lower-than-usual first quarter, due in no small part to the disruption from the coronavirus pandemic. "It is also important to note that 2015's single Fujiwhara event saw a total of 277 disclosed vulnerabilities from all reports that day, less than half of what we saw from the April Fujiwhara this year. During April's Fujiwhara event we saw 506 new vulnerabilities reported, 79% of which came from seven vendors. Compared to other Patch Tuesdays this year, the highest reported "only" 273 new vulnerabilities on June 9th."

Stolen Fortnite Accounts Earn Hackers Millions Per Year
2020-08-31 15:47

UPDATE. Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums. After tallying the auction sales for several high-end and low-end Fortnite account sellers over a three-month period, researchers found that on the high end, sellers averaged $25,000 per week in account sales - roughly $1.2 million per year.

Critical Slack Bug Allows Access to Private Channels, Conversations
2020-08-31 15:36

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution. Attackers could gain full remote control over the Slack desktop app with a successful exploit - and thus access to private channels, conversations, passwords, tokens and keys, and various functions.