Security News > 2020 > November

The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found. The most vulnerable connected home devices include laptops, computers, smartphones and tablets, networked cameras, networked storage devices, and streaming video devices, according to the report.

Microsoft has released the optional KB4586853 non-security cumulative update preview for Windows 10 versions 2004 and 20H2, with USB 3.0 and gaming fixes. The Windows 10 KB4586853 cumulative update preview includes 45 improvements or fixes for known issues.

If you've purchased a FEITIAN FIDO2 device and can't seem to get it working with Linux, Jack Wallen shows you how. That's fundamentally how FIDO2 works, and there are plenty of companies that make such devices.

The WebKit browser engine is affected by several vulnerabilities, including ones that can be exploited for remote code execution by convincing the targeted user to visit a malicious website. Cisco's Talos threat intelligence and research group revealed on Monday that one of its researchers identified several high-severity use-after-free vulnerabilities that can be exploited for remote code execution by getting the targeted user to access a specially crafted web page with a browser that uses WebKit.

It turns out that the M1 chip not only performs fantastic for macOS BigSur but it may also be a better choice for Windows 10 than Microsoft's own devices. This is illustrated when developer Alexander Graf used the QEMU virtualization software to install Windows 10 on ARM on an M1 Apple device, and the results are astounding.

They really know how to mix a perfectly balanced cocktail of software engineering and human insight when it comes to crafting the perfect spear-phishing attack. If a CEO or other C-level exec is hooked, they have the power to deliver virtually whatever the attackers desire - whether it's authorizing payment transfers, or spilling company secrets, or any number of actions only a chief exec can take, unchecked.

The Vietnam-backed OceanLotus has been around since at least 2013, and previously launched targeted attacks against media, research and construction companies. Older samples of the backdoor have targeted the same region before, according to researchers with Trend Micro.

Financial cybercrime in 2021 is set to evolve, researchers say, with extortion practices becoming more widespread, ransomware gangs consolidating and advanced exploits being used more effectively to target victims. According to Kasperky, ransomware - above all - will continue to be a main scourge in the year ahead. "Due to their successful operations and extensive media coverage this year, the threat actors behind targeted ransomware systematically increased the amounts victims were expected to pay in exchange for not publishing stolen information," researchers said in a Monday posting.

For many of us stuck working from home for most of the year, the lines between work and home activities have blurred. Similar to how social distancing can help prevent the spread of COVID-19, keeping a 'six foot distance' between our digital home life and digital work life can go a long way when it comes to safeguarding our most sensitive data, too.

"Check washing" is a practice where thieves break into mailboxes, find envelopes with checks, then use special solvents to remove the information on that check and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone. The article suggests a solution: stop using paper checks.