Security News > 2020 > December
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today.
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks - uIP, FNET, picoTCP, and Nut/Net - that are commonly used in Internet-of-Things and embedded devices.
FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "Highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. Red Team tools are often used by cybersecurity organizations to mimic those used in real-world attacks with the goal of assessing a company's detection and response capabilities and evaluating the security posture of enterprise systems.
Google, which makes most of its money from online ads, insists it wants ad blockers to continue working under the latest, more locked-down iteration of its Chrome browser extension platform, known as Manifest v3. As a way to measure the problem, Alexandre Blondin, Chrome product manager, pointed out in a blog post on Wednesday that when Google integrated the Chrome Web Store with its Google Safe Browsing infrastructure, "The number of malicious extensions that Chrome disabled to protect people grew by 81 percent."
Microsoft is rolling out a sleeping tabs feature to the new Chromium-based Edge web browser which will drastically reduce memory and CPU resource usage. "Just like a good night's sleep allows you to stay focused and productive the next day, sleeping tabs helps optimize your browser's performance by freeing up resources for the tabs you're really using."
To select suitable cyber insurance for your business, you need to think about a variety of factors. Cyber insurance has developed significantly over the past decade, driven by the increasing threat landscape and expanding legislation.
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales. Spoofed the sender's domain to make it look like the email comes from Microsoft.
The number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021, according to Risk Based Security. Earlier in 2020 that gap was instead a sharp decline of 19.2%. "At the end of Q1 this year, we saw what appeared to be a sharp decline in vulnerability disclosures as compared to 2019, dropping by 19.2%. Statistically that is huge," commented Brian Martin, VP of Vulnerability Intelligence at Risk Based Security.
In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.
Findings highlight gaps in stress levels between workers at different job levels and industries and how increased usage of collaboration and UC applications has impacted the success of internal communication at enterprises. It's no surprise that stress levels amongst employees have increased in the wake of the pandemic.