Security News > 2020 > September

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions. Erceg told SecurityWeek that the vulnerabilities he discovered all target a specific API made available to extensions - he has not named the impacted API because Google has not mentioned it in its release notes either.

Microsoft's long-lived operating system Windows XP, which still powers over 1% of all laptops and desktop computers worldwide, has allegedly had its source code leaked online, along with that of Windows Server 2003. The source code for Microsoft's 19-year-old operating system was published as a torrent file on the notorious bulletin board website 4chan, and this is the very first time that source code for Microsoft's operating system has been leaked to the public.

Threatpost brought together leading voices in the bug bounty community to participate in a webinar, "Five Essentials for Running a Successful Bug Bounty Program." Are the hackers getting legal advice before engaging in these programs or are you relying on the bug bounty programs to keep them within the legal lines?

Airbnb says it has fixed a baffling bug in its website that briefly caused some of its users to be shown messages belonging to others when viewing their account inboxes. While it seemed to be Airbnb hosts publicly reporting encountering the blunder, the biz would not confirm exactly who had been hit, only saying it was "a small subset of users" who had their inboxes shown to strangers.

Shannon Stafford, 50, was sent down for 12 months and a day by US federal district Judge Catherine Blake on Thursday. Following a four-day trial in Maryland, a jury in November found Stafford, of Crofton, Maryland, guilty of intentional damage to a computer and attempted intentional damage to a computer.

According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the certificate used for client authentication was issued by Fortinet or another trusted certificate authority. "Therefore, an attacker can easily present a certificate issued to a different FortiGate router without raising any flags, and implement a man-in-the-middle attack," researchers wrote, in an analysis on Thursday.

Security experts say they are encouraged by the anemic growth, but at the same time are expressing concern that attacks are now becoming more potent, targeted and complex. According to new research from Kaspersky, 37.8 percent of computers tied to the industrial control systems segment suffered attacks in the first half of 2020, which represents only a 2 percentage increase.

Importantly, many foods are frozen using what some call a "flash freezing" process where the water crystalises rather differently. "Flash freezing is used in the food industry to quickly freeze perishable food items. In this case, food items are subjected to temperatures well below water's melting/freezing point. Thus, smaller ice crystals are formed, causing less damage to cell membranes."

Ring's newly announced robot drone - a connected device that flies around homes taking security footage - is causing privacy experts' concerns to take off. The new device has also sparked a firestorm of privacy concerns on Twitter about how Ring - whose connected doorbells have already created plenty of privacy controversies - will collect, use and share the collected data.

If the reports are to be believed, someone has just leaked a mega-torrent of Microsoft source code going all the way back to MS-DOS 6. Intriguingly, Microsoft has officially released old-school source code before, such as when the source of MS-DOS 1.25 and Word 1.1a were made public a few years back.