Security News > 2020 > December
This new protocol, called Oblivious DNS-over-HTTPS, hides the websites you visit from your ISP. Here's how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can't see what's inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. The fixes for December concern a number of remote code execution flaws in Microsoft Exchange, SharePoint, Excel, and Hyper-V virtualization software, as well as a patch for a security feature bypass in Kerberos, and a number of privilege escalation flaws in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.
What they found instead is a treasured piece of computing history, a World War II-era German Enigma crypto machine, sunk to the bottom of the Baltic Sea to protect its precious technology from Allied forces. The development of the Enigma Cipher machine and the life-and-death race to crack its code wasn't just crucial to deciding the outcome of World War II; it ushered in the modern computing age.
Microsoft has addressed 58 CVEs for its December 2020 Patch Tuesday update. Also on the Exchange front, CVE-2020-17132 addresses a patch bypass for CVE-2020-16875, which was reported and patched in September's Patch Tuesday release.
Although the Cybersecurity Insights Report finds that "Standalone 5G is more secure than any previous network generation," fewer than 10% of respondents said they feel that their security posture is fully prepared for the rollout of 5G. "The move to 5G is highly influenced by the business, which means that business and IT leaders need to collaborate on 5G strategies and implementation," the report stated. "Digital transformation is reshaping how organizations think about technology investments." In terms of 5G use cases, nearly 36% cited improvements to Internet of Things/operational technology/industrial IoT, followed by data privacy, and broader network coverage.
Foxconn Technology Group confirmed Tuesday that a November cyberattack knocked some of its U.S. operations offline. "We can confirm that an information system in the U.S. that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29," Foxconn said in a statement on Tuesday.
As expected, Microsoft fixed a smaller-than-usual number of CVEs on this December 2020 Patch Tuesday: 58 in total. Satnam Narang, staff research engineer at Tenable, pointed out that CVE-2020-17132 addresses a patch bypass for CVE-2020-16875, which was reported and patched in September's Patch Tuesday release.
The Apache Software Foundation has released a security update for Struts 2, to address what is described as a "Possible remote code execution" flaw related to the OGNL technology. Tracked as CVE-2020-17530, the newly addressed bug resides in "Forced OGNL evaluation, when evaluated on raw user input in tag attributes," according to an Apache advisory.
Apple is stepping up privacy for app users, forcing developers to be more transparent about data collection and warning they could be removed if they don't comply with a new anti-tracking measure, a company executive and regulators said Tuesday. Called App Tracking Transparency, it will require apps to clearly ask for users' permission before tracking them.
"The top skills in demand focus around securing SaaS applications, federated identity, data control focused skills, threat intelligence, and zero trust, which is really focused on identity but may be called out differently," said Brandon Hoffman, chief information security officer at NetEnrich. New demands have firms turning to cybersecurity degree programs in hopes of luring recruits, who include a growing number of women, who have the latest in-demand skills.