Security News > 2020
Oracle has released its first Critical Patch Update for 2020, which includes a total of 334 new security patches across multiple product families. The company notes that 40 of the new patches address critical issues.
Google users who opt for the Advanced Protection Program to secure their accounts are now able to use their iPhone as a security key. In May 2019, Google made it possible to exchange the physical security key with one's Android device.
Q4: What role does a 'private key' play here anyway, if not that in Q3? Q5: If one doesn't simply learn the original private key off of knowing the public key, is one simply able to create a new digital certificate this way, as opposed to, having learned the private key of an existing digital certificate? Did I understand this more correctly now? Q6: Could the fake private key, simply be a number like 1, something that can be guessed by anyone? Or, equally bad, any other number, that you then can use to decipher data because someone would ofc know the private key?
The CryptoAPI cryptographic bug that Microsoft reported in its Patch Tuesday release yesterday was so big that it warranted its own story. Among the most serious bugs were remote code execution flaws affecting the Windows Remote Desktop Gateway, which is a Microsoft service that lets authorised remote users connect to resources on a network via the Remote Desktop Connection client.
Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm. The problem package, 1337qq-js, was uploaded to npm on 31 December, after which it was downloaded at least 32 times according to figures from npm-stat.
No need to wait until you've gurgled out of your mother's womb to experience the joys of having your privacy breached, thanks to a mobile app called Peekaboo Moments. Ehrlich told Information Security Media Group that the 100GB database contains more than 70 million log files, with data going back as far as March 2019.
Still, Chief Judge Thomas W. Thrash Jr. writes that "This settlement is the largest and most comprehensive recovery in a data breach case in U.S. history by several orders of magnitude." The minimum cost to Equifax will be $1.38 billion, which includes $1 billion in security upgrades, Thrash writes. Equifax failed to catch such a large exfiltration of data because a security certificate on a traffic monitoring device had expired, the report says.
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more. Oski started out targeting victims in North America, but in the last few days has added China to its set of targeted geographies.
No surprise here: Apple has yet again said no to the FBI's request to break iOS encryption - this time, as it investigates the 6 December mass shooting at a naval base in Pensacola, Florida. We have asked Apple for its help in unlocking the shooter's phones.
The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management.