Security News > 2020
Coinsource now offers ATMs that customers can use to manage their Bitcoin.
Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.
Google has issued an update for its widespread Chrome browser to fix three security holes. Google, which is often vociferous about bugs and how they work, especially those found by its own Project Zero and Threat Analysis teams, is playing its cards close to its chest in this case.
During the event's annual Cryptographer's Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. "Any legislation that requires people to undo past actions is contrary to the technology. In most cases, blockchain is overhyped and there are simpler ways to achieve the same goal. Most of these use cases that have been proposed for blockchain are nonsense."
"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire. "Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."
Actor and activist George Takei opened RSA 2020 with the message, "Homogeneity equals disaster," and RSA president Rohit Ghai reinforced that message: "We need to stop being snobs and trade exclusivity for inclusion." The discussion was in the RSA 2020 opening keynote on Tuesday, Feb. 25, at the Moscone Center in San Francisco. By looking beyond the traditional profile of a security expert, security teams can improve their problem-solving skills by improving diversity.
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.
In an RSA 2020 simulation, the Red Team compromised email accounts, created deepfake videos and spread disinformation on Election Day in Adversaria. At RSA 2020, Cybereason assembled a group of journalists and other conference attendees to be the Red Team, in charge of creating just enough chaos to cause residents of the fictional city Adversaria to doubt the results of the election.
The security industry needs to branch out beyond its historically "narrow culture" and change how it is perceived by the rest of the world. The narrative around cybersecurity needs to instead emphasize the human players behind cybersecurity, including the IT teams working in companies, the cybercriminals who are launching cyberattacks, the businesses who are working with security teams - and, importantly, the end users who are often the true victims.