Security News > 2020 > November

Accuracy isn't great, but that it can be done at all is impressive. Murtuza Jadliwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants.

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. "Updated patch versions in the response matrix of section 3a after release of ESXi patches that completed the incomplete fix for CVE-2020-3992 on 2020-11-04," said Oracle's updated advisory.

VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.

Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1TB of sensitive data from their corporate networks in the US, Japan, and Canada. Yesterday, Capcom announced that they had been hit with a cyberattack on November 2nd, 2020, that led to the halting of portions of their corporate network to prevent the attack's spread. "Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company has confirmed that this was due to unauthorized access carried out by a third party, and that it has halted some operations of its internal networks as of November 2."

Microsoft says that it fixed a known issue affecting devices running Windows 10, version 2004 since June and causing external displays to go black when drawing in certain applications including Microsoft Office Word and Whiteboard. "If you have a device running Windows 10 version 2004 with a built-in screen and a connected external display set to Duplicate your primary screen, you might see both monitors flicker and the external monitor go black if you try to draw using an Office app," Microsoft said.

Swedish insurance company Folksam on Tuesday revealed that data on 1 million customers was inadvertently shared with third parties. Immediately after discovering the issue, the company stopped the data sharing, contacted its partners to ask them to erase the data, and also informed authorities of the matter.

Qualys announced Container Runtime Security, which provides runtime defense capabilities for containerized applications. Qualys Runtime Container Security, once instrumented in the image, will work within each container irrespective of where the container is instantiated and does not need any additional administration containers.

You don't need fancy technology to figure out who these risky users are - they tell you! The problem is that most employees take data before they give notice - and conventional data security tools don't give you the historical breadth and depth you need to detect and respond before they walk out the door. According to Code42's Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.

A proxy request may contain the X-Forwarded-For or Via HTTP headers, which reveal the source device's IP address and inform the destination that the request is coming from a proxy. Last month, security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.

UPDATE. Police in Mississippi are testing a program in which they can livestream video footage from private security cameras - including Ring doorbell cameras - installed at private homes and businesses. Even though the camera owners agree to participate in the program, cameras such as Ring often capture footage of people in the vicinity also going about their daily business, people who likely did not agree to have their moves surveilled by law enforcement, Guariglia wrote.