Cisco Patches DoS, Information Disclosure Flaws in Small Business Switches
2020-01-30 14:03

Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive device information and to launch denial-of-service attacks. The information disclosure vulnerability is caused by the lack of proper authentication controls and it can be exploited by sending specially crafted HTTP requests to the user interface of an affected switch.

UN hacked: Attackers got in via SharePoint vulnerability
2020-01-30 13:49

The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.

Employers can’t force you to get microchipped, Indiana reps say
2020-01-30 13:21

Last week, the state House of Representatives unanimously passed legislation - House Bill 1143 - stipulating that employers can't force their employees to have an ID or tracking chip implanted in their bodies as a condition of employment. As the Indiana Lawyer reports, Morrison said that he wants to be sure employers don't "overstep their bounds" by imposing mandatory employee microchipping.

Interior Department Halts Drone Operations Over Cybersecurity Concerns
2020-01-30 12:42

The United States Department of the Interior this week halted the operation of unmanned aircraft systems over cybersecurity concerns most likely related to the use of Chinese drones. The purpose of the order is "to better ensure the cybersecurity and supply of American technology of UAS procured for use and operation in support of the Department of the Interior's mission."

Photos: Cybertech Tel Aviv 2020
2020-01-30 12:18

Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world.

Photos: Cybertech Global Tel Aviv 2020
2020-01-30 12:18

Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world.

Devices Still Vulnerable to DMA Attacks Despite Protections
2020-01-30 12:07

Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access attacks, despite the fact that hardware and software vendors have implemented protections that should prevent such attacks, firmware security company Eclypsium said on Thursday. Eclypsium recently conducted tests on a couple of devices - a Dell XPS 13 7390 2-in-1 released in October 2019 and an HP ProBook 640 G4 - in an effort to show that the presence of built-in protections may not be enough to prevent DMA attacks against machines often found in enterprise environments.

Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
2020-01-30 12:05

Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The suit stems from a class-action proceeding from Facebook users in Illinois over a feature called Tag Suggestions, which identifies Facebook users in photos based on biometric identification technology and suggests that they be "tagged" in photos on someone else's profile based on that info.

The Best Treatment Plan for Your Security Pain Starts with a Data-Driven Diagnosis
2020-01-30 11:37

Many CISOs I speak with are growing weary of searching for the next "silver bullet" security technology or another threat feed to improve their security posture. Clearly, this approach hasn't worked as the velocity of attacks increases and the cost of a data breach continues to rise - from $3.86 million last year to $3.92 million in 2019, according to the 2019 Ponemon Cost of a Data Breach Study.

Government spyware company spied on hundreds of innocent people
2020-01-30 11:30

In March 2019, researchers with a group called Security Without Borders - a non-profit that often investigates threats against dissidents and human rights defenders - identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google's Play store. Those apps - which were just a decoy through which government spyware called Exodus was installed on targets' phones - were anything but harmless.