Security News > 2020

Hey, Linux fans! Microsoft has got your back over fileless threats. A fileless attack tends to hit via a software vulnerability, inject a stinky payload into an otherwise fragrant system process and then lurk in memory.

Researchers have found some speakers activating by mistake up to 19 times each day. The researchers wanted to simulate real-world conditions, so they set up a variety of smart speakers with embedded virtual assistants and played them 125 hours of audio from various Netflix shows ranging from The Office to The Big Bang Theory and Narcos.

New Mexico Attorney General Hector Balderas is suing Google over its alleged slurping of students' data off of the free Chromebooks it passes out to needy schools and from its free G Suite for Education products, including Gmail, Calendar, Drive, Docs, Sheets, and other apps. According to the complaint, which was filed in the US District Court for the District of New Mexico on Thursday, Google has marketed its suite - formerly known as Google Education - to schools, parents and children as a "Free and purely educational tool", but in actuality, it comes "At a very real cost that Google purposefully obscures."

Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider.

A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability.

Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD's mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. CVE-2020-8794 is an out-of-bounds read flaw introduced in December 2015 and can - depending on the vulnerable OpenSMTPD version - lead to the execution of arbitrary shell commands either as root or as any non-root user.

A group of business email compromise scammers that targeted thousands in the United States employed Google's G Suite for their infrastructure, Agari reports. Active since at least 2013, the group engaged in check fraud schemes in 2014, and has sent out thousands of fake checks since then, "Adding up to millions of dollars in fraudulent funds using this scheme and others like it," Agari says in their report.

Researchers from Ben-Gurion University of the Negev's Cyber Security Research Center have found that they can trick the autopilot on an autonomous car to erroneously apply its brakes in response to "Phantom" images projected on a road or billboard. In a research paper the researchers demonstrated that autopilots and advanced driving-assistance systems in semi-autonomous or fully autonomous cars register depthless projections of objects as real objects.

Specops Software realized these problems and offers an interesting solution: Specops Key Recovery, a self-service tool for recovering BitLocker recovery keys. Specops Key Recovery makes it possible for the user to visit a self-service portal via another device and verify their identity using a number of authentication factors provided by the previously enrolled identity services.

The EU Agency for Cybersecurity published a cybersecurity procurement guide for hospitals. The Procurement Guidelines for Cybersecurity in Hospitals published by the Agency is designed to support the healthcare sector in taking informative decisions on cybersecurity when purchasing new hospital assets.