Security News > 2020 > December

Scammers spoof Target's gift card balance checking page
2020-12-08 11:03

According to online fraud prevention company Bolster, new websites related to gift card fraud appeared in November at a rate of more than 220 per day. Bolster's research team note that online scams involving gift cards are predominantly impersonating Target's balance checking pages.

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices
2020-12-08 11:00

The name "Amnesia:33" refers to the fact that most of the flaws stem from memory corruption - coupled with the fact that there are 33 flaws. While researchers did not specify which vendors and specific devices were affected by the set of vulnerabilities, they said at least 150 vendors were affected.

Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more
2020-12-08 10:16

Many companies have no mechanism to deal with a common problem: when users open accounts using someone else's email address, either by accident or design. The problem is not only that email addresses are easily spoofed - mitigated by mechanisms like SPF and DKIM - but that they also lack any robust process by which organisations collect email details.

All Kubernetes versions affected by unpatched MiTM vulnerability
2020-12-08 09:20

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle attacks. CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.

D-Link VPN routers get patch for remote command injection bugs
2020-12-08 09:02

A vulnerability in D-Link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.

Achieving digital transformation by overcoming identity fatigue
2020-12-08 06:00

The IT department, as always, will be on task to track access grants and any other duties under IGA. Identity fatigue is the enemy of transformation. Digital transformation of identity isn't as simple as swapping identity solution A for identity solution B, or spending more on your existing solution.

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
2020-12-08 05:59

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks - even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks.

Combating the virtual and physical threats banks face
2020-12-08 05:30

Today, banks must contend with near-constant cyber attacks from organized criminal gangs, as well as highly skilled and well-resourced threat actors working on behalf of nation-states. The cyber threats facing banks are exacerbated by a large and complex infrastructure that presents threat actors with an extensive attack surface, allowing them to strike network infrastructure and systems like SWIFT, employees, customers, and physical assets like ATMs. The extent of these threats demands a proactive and persistent security program.

Iran to issue license for national bug bounty program to clean up its code base
2020-12-08 05:02

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more than these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Remote security concerns drive communications in the future
2020-12-08 05:00

With more people working from home than ever before due to COVID-19, communications preferences shifted: 37% of IT decision-makers reported workers preferred to use business chat apps over email - up significantly from 31% in 2019. These tools are clearly useful, with 75% of IT decision-makers believing communications effectively meet business demands in 2020.