Security News > 2020 > December

Microsoft is testing a way to quickly bring new features and improvements to Windows 10 outside of the regularly scheduled Windows updates. Historically, when Microsoft wants to bring a new feature or improvement to Windows 10, they include them in scheduled cumulative updates or feature updates.

Open source vulnerabilities go undetected for over four yearsFor its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. Which security practices lead to best security outcomes?A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. "At the end of a complex investigation by the Naples prosecutor into a serious computer attack against Leonardo. a former worker and a company director were arrested," a ministry statement said.

Italian police have arrested two people allegedly for using malware to steal 10 GB of confidental data and military secrets from defense company Leonardo S.p. A. Leonardo is one of the world's largest defense contractors, with 30% of the company owned by the Italian Ministry of Economy and Finance.

Almost every month, the Windows Update catalogue is updated with new drivers prepared by OEMs and driver vendors. To make matters worse, users have discovered that Windows 10 driver updates are offered in a confusing manner with unrecognizable name and versions, which makes it difficult to understand what should be installed.

Google Chrome is getting a new browser heads-up display that displays performance metrics about the web pages you are visiting. To help users analyze these metrics on web pages, Google released a Chrome extension named Web Vitals that displays an on-screen HUD with performance metrics for web pages you are visiting.

Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.

Bad enough for many, but how much worse for those who's job it is 12hours a day and day after day without break. The stress of that and knowing every day could be the day you catch your bullet, unseen unfelt untill you fall.

Is the problem with sensor efficacy, or is it in how these sensors have been architected, managed and applied in the environment? Scientific, data-driven management of the sensor grid will be able to measure a few key performance characteristics, including the volume of alerts generated and total traffic seen, the number and diversity of signatures that alarm, and whether or not SOCs recognize and can react to real incidents.