Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
2020-10-21 12:23

Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug, which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.

Chrome Update Patches Actively Exploited FreeType Vulnerability
2020-10-21 12:01

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild. The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts.

Cisco reports highlight widespread desire for data privacy and fears over remote work security
2020-10-21 12:00

Cisco has released two studies examining how workers feel about the current state of play when it comes to remote work security and data privacy, finding that thousands around the world are increasingly concerned about how their employers are handling the massive societal changes that have occurred over the last six months. "Cisco's latest privacy research highlights that people care deeply about protecting their data, and many have stopped doing business with companies due to data privacy concerns," said Brad Arkin, senior vice president and chief security and trust officer at Cisco.

Euronext Says Stock Market Glitch Was Not a Cyber Attack
2020-10-21 11:38

A problem that halted trading on the Paris stock market and others across Europe was a "Middleware" issue and not a cyber attack, operator Euronext said Tuesday. Trading ground to a halt for around three hours early Monday in Amsterdam, Brussels, Dublin, Lisbon and Paris, and the French market closed late, before issuing a statement that most trades made after 5:30 local time would be annulled.

NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
2020-10-21 11:06

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The NSA notes that it has observed Chinese threat actors scanning for or attempting to exploit these vulnerabilities against multiple victims.

Windows 10 20H2 adds faster malware detection to security baseline
2020-10-21 10:49

Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 20H2, as well as the intention to include the Microsoft Defender Antivirus 'Block At First Sight' feature within the new baseline. The Windows 10 security baseline enables security admins to use Microsoft-recommended Group Policy Object baselines to reduce Windows 10's attack surface and boost the overall security posture of enterprise endpoints.

How Extreme Weather Will Create Chaos on Infrastructure
2020-10-21 10:40

The magnitude of extreme weather events - and their prevalence in areas that have not previously been prone to them - will create havoc for organizations that have not prepared for their impact. Extreme weather events have frightening consequences for people's lives and have the potential to degrade or destroy critical infrastructure.

BSIMM11 Observes the Cutting Edge of Software Security Initiatives
2020-10-21 10:35

If you want to improve the security of your software - and you should - then you need the Building Security In Maturity Model, an annual report on the evolution of software security initiatives. The BSIMM examines software security activities, or controls, on which organizations are actually spending time and money.

LockBit ransomware moves quietly on the network, strikes fast
2020-10-21 10:28

LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network. LockBit attacks leave few traces for forensic analysis as the malware loads into the system memory, with logs and supporting files removed upon execution.

Sustaining Video Collaboration Through End-to-End Encryption
2020-10-21 10:27

The embrace of remote collaboration, and specifically video collaboration, has been swift and robust. While uncertainty remains on what exactly a post-pandemic working experience will look like, video will without a doubt remain a fundamental part of the collaboration tool kit.