Security News > 2020 > December

Looking to beef up its portfolio of consumer security software, NortonLifeLock on Monday announced an all-cash $360 million deal to snap up German anti-virus firm Avira. The deal gives NortonLifeLock an immediate foothold in the European market, where Avira is known for providing a freemium anti-malware product to about 30 million devices.

Google this week announced the launch of a knowledge base with information on a class of vulnerabilities referred to as cross-site leaks, or XS-Leaks. These vulnerabilities, Google explains, are rooted in the modern web applications' misuse of long-standing web platform behaviors, thus resulting in websites leaking information on the user or the information the user has entered in other web applications.

Security bugs found in the PlayStation Now cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. PlayStation addressed the bug and tagged the bug report as 'Resolved' one month later, on June 25th, 2020.

QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage devices. QTS is the operating system for NAS systems, while the QuTS Hero is an operating system that combines the app-based QTS with a 128-bit ZFS file system to provide more storage management.

A police constable has been sacked after reportedly tracking down young women motorists through their car numberplates and propositioning them on social media. Stephen Woods, formerly of Guernsey Police, was dismissed from the Channel Island's local force after searching for their car registration details to find their names.

Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports. The bugs impact Protocol Handlers, which are related to a mechanism that allows apps to register their own URI schemes used for process execution.

Russian security shop Kaspersky has warned about the crew dubbed DeathStalker, which has new malware up for sale as a hacking-for-hire service. The DeathStalker team seems to make a target of legal and financial services companies and the new malware hides itself in images of pictures of ferns and peppers and uses a DNS over HTTPS to set up a channel to exfiltrate data.

Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. Embraer did not specify what kind of attack the company suffered, or if data was stolen from the accessed environment.

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.

The United States and Australia on Friday announced a partnership for the continuous development of a virtual cyber training range. The Cyber Training Capabilities Project Arrangement, which was signed on November 3, results in the incorporation of Australian Defense Force feedback into the U.S. Cyber Command's simulated training domain, the Persistent Cyber Training Environment.