
Linux Foundation debuts new, secure, open source cloud native access management software platform
2020-12-08 16:00

Today, the Linux Foundation announced the Janssen Project, a cloud-native identity and access management software platform that prioritizes security and performance. It is based on the Gluu server and features signing and encryption functionalities. The Linux Foundation, a nonprofit organization enabling innovation through open source, also announced the Janssen Project Technical Steering Committee, which comprises engineers from IDEMIA, F5, BioID, Couchbase, and Gluu.

OpenSSL Ships ‘High Severity’ Security Patch
2020-12-08 15:47

The OpenSSL Project today warned that the widely deployed TLS/SSL toolkit is vulnerable to a serious security flaw that exposes users to denial-of-service attacks. According to an alert from the open-source group, the problem is caused by a specific function that "behaves incorrectly" if an attacker successfully triggers certain conditions.

Industrial Cybersecurity Firm Dragos Raises $110 Million
2020-12-08 15:46

Industrial cybersecurity firm Dragos announced on Tuesday that it has raised $110 million in a Series C funding round, which brings the total raised by the company to date to $158 million. "Our Series C funding is an investment by industry, for industry, and will enable us to fully meet this moment for our customers by advancing the innovative technology at the center of our Dragos Platform, expanding our global footprint, and continuing to recruit the world's most elite team of ICS/OT cybersecurity experts."

Norway Accuses Russian Hackers of Parliament Attack
2020-12-08 15:05

Norway's domestic spy agency on Tuesday blamed a Russian hacker group linked to Moscow's military intelligence for a cyberattack on the Norwegian parliament earlier this year. Norwegian Foreign Minister Ine Eriksen Soreide later accused Russia of being behind the attack, and PST investigators have now strengthened her claims.

How the coronavirus outbreak will affect cybersecurity in 2021
2020-12-08 14:42

A new report from cyber threat intelligence provider Check Point looks at the security concerns and priorities among organizations for 2021. The biggest change was the need to enable remote working at a large scale, cited by 67%. Other changes include security education for employees, improving network security and threat prevention, expanding endpoint and mobile security, and rapidly adopting cloud technologies.

Unauthenticated Command Injection Flaw Exposes D-Link VPN Routers to Attacks
2020-12-08 14:41

D-Link is working on releasing firmware updates to address two command injection vulnerabilities that affect multiple VPN router models. Security researchers at Digital Defense identified a total of three vulnerabilities that affect several D-Link VPN routers, including authenticated and unauthenticated command injection flaws, and an authenticated crontab injection issue.

Vishing criminals let rip with two scams at once
2020-12-08 14:35

Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. What we have noticed is that most of the scam calls we're getting these days are automated, and that the calls themselves - just like phishing emails that are trying to cajole you into taking the next step by yourself - are merely calls-to-action, not full-on sales pitches in their own right.

Cloud Visibility Firm Orca Security Raises $55 Million
2020-12-08 14:07

US and Israel-based cloud visibility solutions provider Orca Security on Tuesday announced that it has raised $55 million in a Series B funding round, which brings the total raised by the company to $82 million. Orca plans on using the money to further expand its platform's cloud security and compliance capabilities, and increase the size of its R&D and sales teams.

D-Link routers vulnerable to remotely exploitable root command injection flaw
2020-12-08 14:00

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware versions 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

Microsoft issues guidance for DNS cache poisoning vulnerability
2020-12-08 13:58

Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of DNS spoofing attacks.