How organizations can reduce their reliance on passwords
2020-10-01 13:47

A report published Thursday by password manager LastPass looks at the pitfalls of passwords and the pros and cons of passwordless options. Asked to cite the biggest challenges, more than half of the respondents said it was employees who use the same passwords across applications, 49% pointed to users who forget their passwords, and 45% referred to the time spent on password management.

HP Offering Big Rewards for Cartridge Vulnerabilities
2020-10-01 13:29

HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges. The program is private and only four researchers have been invited to find vulnerabilities in original HP cartridges.

Cisco Talos researchers explain psychology behind election disinformation posts on social media
2020-10-01 13:03

Two researchers at the Cisco Talos Intelligence Group examined misleading and incorrect posts on social media to understand why so many people share misinformation and help spread propaganda online. Disinformation is what criminals and foreign actors do: The intentional spreading of false information with the intent to deceive.

Huawei's UK code reviewers say Chinese mega-corp is still totally crap at basic software security. Bad crypto, buffer overflows, logic errors...
2020-10-01 13:00

The Huawei Cyber Security Evaluation Centre - mostly run by GCHQ offshoot the National Cyber Security Centre, though it is also staffed by some Huawei personnel - sighed that the Chinese company has made "limited" progress on last year's recommendations to toughen up its act. Code reviewers found "evidence that Huawei continues to fail to follow its own internal secure coding guidelines. This is despite some minor improvements over previous years." In addition, "The Cell" said it had found more vulnerabilities during 2019 than it had in previous years - though Huawei was keen to paint this finding as "proof the review system is working", something NCSC guardedly agreed with.

Cybersecurity Awareness Month: Train employees to be first line of defense
2020-10-01 13:00

A cybersecurity expert warns that during Cybersecurity Awareness Month it is time for the enterprise to emphasize training that doesn't just keep their employees from putting the business at risk, but "empowers them to become the organization's first line of defense." Last year's Cybersecurity Awareness Month presented a different set of issues than this year's.

New RiskLens Solution Helps Organizations Optimize Cybersecurity Spending
2020-10-01 12:26

Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions. The new capability, RiskLens Risk Treatment Analysis, enables cybersecurity and risk teams to assess and compare the impact - in financial terms - of decisions related to investment, controls and other treatment options.

Use an NVIDIA GPU? Check whether you need security updates
2020-10-01 11:25

NVIDIA has released security updates for the NVIDIA GPU Display Driver and the NVIDIA Virtual GPU Manager that fix a variety of serious vulnerabilities. The driver security update should be implemented by users of the company's desktop, workstation and data center GPUs, while the vGPU software update is available for the Virtual GPU Manager component on Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Nutanix AHV enterprise virtualization solutions.

Detecting Deep Fakes with a Heartbeat
2020-10-01 11:19

In particular, video of a person's face contains subtle shifts in color that result from pulses in blood circulation. Deep fakes don't lack such circulation-induced shifts in color, but they don't recreate them with high fidelity.

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack
2020-10-01 11:01

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. Anthem said it was the last open investigation into the attack.