Security News > 2020

Cisco patches bugs in security admin center and Webex
2020-01-28 10:50

Cisco has patched a critical bug that could give attackers unauthorised access to Firepower Management Centre, the device that controls all of its security products. Cisco's FMC is an administrative controller for the company's network security products, giving administrators access to firewalls, application controllers, intrusion prevention, URL filtering, and malware protection systems.

Mozilla bans Firefox extensions for executing remote code
2020-01-28 10:38

The nature of the banned extensions is difficult to say - Mozilla lists them on Bugzilla using only the IDs they used on addons. The hard ban on extensions that execute remote code seems to have happened around the time pre-release versions of Firefox 72 hove into view, but this was only noticed by some developers and users when the company abruptly banned several page translation extensions in November.

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
2020-01-28 08:36

If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. Dubbed CacheOut a.k.a. L1 Data Eviction Sampling and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.

Okta ranks the most popular and fastest-growing apps in the enterprise
2020-01-28 08:00

The newest list of Okta's fastest growing apps in the enterprise includes those that everyone seems to use, such as G Suite and Zoom, but it also includes some surprising newcomers. "The most popular apps list itself has also evolved, featuring new contenders mixed with some of the same companies year after year," said Ming Wu, vice president of data and analytics at Okta.

NetWars! Let the SANS Tournaments commence: Compete and learn all about forensics, incident response, red teaming – and much more
2020-01-28 08:00

With NetWars, SANS has raised the ante with a set of cyber-tournaments that let participants work through a range of challenging levels and master the skills employed by information security professionals. SANS certified instructor Steve Armstrong, with SANS since 2007, explains how NetWars work.

Data breach: Why it’s time to adopt a risk-based approach to cybersecurity
2020-01-28 05:30

According to the 2019 Cost of a Data Breach study conducted by the Ponemon Institute, the average cost of a data breach in the UK was $4.88 million - up 10.5% on the previous year. At the end of the day, data security should not be viewed as simply a technical problem that's handled by technical personnel working in IT.

How to detect and prevent issues with vulnerable LoRaWAN networks
2020-01-28 05:25

IOActive researchers found that the LoRaWAN protocol - which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare - has a host of cyber security issues that could put network users at risk of attack. "Organizations are blindly trusting LoRaWAN because it's encrypted, but that encryption can be easily bypassed if hackers can get their hands on the keys - which our research shows they can do in several ways, with relative ease," explains Cesar Cerrudo, CTO at IOActive.

Are Companies Adhering to CCPA Requirements?
2020-01-28 05:03

"The attorney general should promulgate regulations reflecting that the transfer of data between unrelated companies for any commercial purpose falls under the definition of sale, so that consumers can opt out of the sharing of their data for targeted advertising," writes the Center for Digital Democracy in a blog. The law exempts the transfer of data to "service providers" from the "sale" definition, and many companies are claiming they qualify for that exemption, says Heikki Tolvanen, co-founder of PrivacyAnt, a Finland-based privacy firm.

Security risks for e-scooters and riders exposed
2020-01-28 05:00

Research out of UTSA finds e-scooters have risks beyond the perils of potential collisions. Computer science experts at UTSA have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

52% of companies use cloud services that have experienced a breach
2020-01-28 04:30

While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. 52 percent of companies use cloud services that have had user data stolen in a breach.