Security News > 2020
Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network. CDP is a Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.
Many Philips Hue smart light bulbs have a firmware flaw that leads hackers into an entire network, Check Point Research found. Security firm Check Point Research has released its findings that many Philips Hue smart light bulbs have a flaw in their firmware, which allows attackers to take control of an individual bulb, push malicious firmware to it, and spread other malicious software throughout a network.
In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly or physically with other computers or network devices. How Does the Brightness Air-Gapped Attack Work? In his latest research with fellow academics, Mordechai Guri, the head of the cybersecurity research center at Israel's Ben Gurion University, devised a new covert optical channel using which attackers can steal data from air-gapped computers without requiring network connectivity or physically contacting the devices.
The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who said he found multiple issues in WhatsApp Desktop, starting with an open redirect into persistent XSS and Content Security Policy bypass, and then a "Cross platforms read from the local file system." One of the main issues Weizman identified was that an attacker could modify WhatsApp reply messages to include quotes of messages the recipient never sent.
"Had the U.K. banned Huawei in 2018 like the U.S. and Australia, the mobile operators' 5G rollout plans would have been at an earlier stage." "Had the U.K. banned Huawei in 2018 like the U.S. and Australia, the mobile operators' 5G rollout plans would have been at an earlier stage. The U.S. also compensated some of its networks for the costs of equipment removal."
Ekans, a recently discovered ransomware variant that's designed to target industrial control systems, appears to have some of the same characteristics found in Megacortex, malware that struck several high-profile targets in 2019, according to the security firm Dragos. It's also not clear whether the developers behind Eknas plan to target a region or specific organizations that use industrial controls systems, such as oil and gas firms, electric utilities or manufacturing facilities, according to the Dragos report.
In my previous column, I discussed using gap analysis to assess an organization's information security program and build a work program to improve it. In this regard, gap analysis provides the security organization with another good driver for its metrics.
Iowa's much-anticipated caucus results were delayed after a mobile app commissioned by Iowa's Democratic Party malfunctioned. "We sincerely regret the delay in the reporting of the results of last night's Iowa caucuses and the uncertainty it has caused to the candidates, their campaigns, and Democratic caucus-goers," says Shadow Inc. CEO Gerard Niemira in a statement on the company's website.
Three cybersecurity startups have been selected to participate in the RSAC Launch Pad 2020. The event gives early stage startups a platform to introduce their potentially groundbreaking solutions to high-profile venture capitalists in a Shark Tank-style format, all in front of a live audience at RSA Conference 2020 in San Francisco.
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network - regardless of whether that is a home or office. In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs.