Security News > 2020

Trusona raises $20M to meet growing demand and accelerate innovations
2020-01-14 23:30

Trusona offers the world's first fully passwordless authentication technology. "This round of funding will not only help us meet the growth in demand for our passwordless authentication solutions, but will also support new breakthrough innovations," said Ori Eisen, Founder and CEO at Trusona.

Serious Microsoft crypto vulnerability – patch right now
2020-01-14 23:07

One of the functions that the CryptoAPI offers is to check and validate so-called digital certificates, which are blocks of cryptographic data that are used to vouch for online services you use or files you load. Digital certificates are the cryptographic sauce that puts the S into HTTPS, and the padlock into your browser's address bar. The idea is that you create a certificate to vouch for your website or your software; you get a so-called Certificate Authority to sign your certificate to vouch for you; and your browser or operating system - in this case, Microsoft's CryptoAPI - vouches for the CA. Digital certificates considered important.

NSA Uncovers 'Severe' Microsoft Windows Vulnerability
2020-01-14 21:33

The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a "severe" vulnerability in Microsoft's Windows 10 operating system ahead of Microsoft's Patch Tuesday security update. The U.S. Department of Homeland Security released a statement Tuesday ordering all federal agencies to patch the vulnerability and urging all Windows users to apply the security patch provided by Microsoft within 10 days.

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows code-signing bugs, RDP flaws...
2020-01-14 21:33

Amid Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild and its severity level is listed as "Important," a step below the critical remote code execution bugs in RDP, .NET and Internet Explorer. The American spying agency wants everyone to know - to the point of even holding a press conference about CVE-2020-0601 - that it privately found and reported this diabolical cert flaw to Microsoft, and that it is a totally friendly mass-surveillance system that has turned a new leaf, wants to be on the good side of infosec researchers, and cares about your ongoing ability to verify the origin and integrity of executable files and network connections.

SAP Releases 6 Security Notes on January 2020 Patch Day
2020-01-14 21:24

SAP today released 6 Security Notes and 1 Updated Note as part of its January 2020 Security Patch Day, with all addressing Medium severity vulnerabilities. Next in line is CVE-2020-6304, a denial-of-service flaw in SAP NetWeaver Internet Communication Manager, featuring a CVSS score of 5.9, which was reported to SAP in September, says Onapsis, a firm that specializes in securing SAP and Oracle applications.

Encryption Battle Reignited as US Govt at Loggerheads With Apple
2020-01-14 21:09

Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices. Attorney General Bill Barr claimed Monday that Apple failed to provide "substantive assistance" in unlocking two iPhones in the investigation into the December shooting deaths of three US sailors at a Florida naval station, which he called an "act of terrorism."

Intel Fixes High-Severity Flaw in Performance Analysis Tool
2020-01-14 21:00

Intel is warning of a high-severity vulnerability in its performance analysis tool called Intel VTune Profiler. "Improper access control in driver for Intel VTune Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access," according to an Intel security update.

Card Skimmer Hits Australian Bushfire Donation Site
2020-01-14 20:39

Concerned global citizens making donations to help fight the massive Australia bushfires have been caught up in a Magecart attack, after one of the groups implanted a payment-card skimmer on the check-out page of a legitimate online donation site. Researchers ran across the Magecart script, named "ATMZOW" after one of the strings in the code, stealing form data from the checkout page of the site.

Microsoft Patches Major Crypto Spoofing Bug
2020-01-14 20:32

January Patch Tuesday tackles 50 bugs, with eight rated critical, all as it pushes out its last regular Windows 7 patches. A major crypto-spoofing bug impacting Windows 10 users has been fixed as part of Microsoft's January Patch Tuesday security bulletin.

Apple calls BS on FBI, AG Barr after iGiant accused of dragging its heels in murder probe iPhone decryption
2020-01-14 20:28

Apple has responded to a demand from the United States' Attorney General William Barr that it grant the FBI access to two iPhones used in a recent shooting by carefully calling bullshit on his claims. Barr held a press conference on Monday in which he accused Apple of not having given the FBI "any substantive assistance" in the case of Saudi airman Mohammed al-Shamrani, who shot and killed three American sailors at a naval base in Pensacola, Florida.