Security News > 2020

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. Dobieski however believes that with the shift in liability for attacks on card data looming, gas stations will indeed spend the next 10 months either finally upgrading their fuel pumps to chip-and-PIN, or, finding a workaround, such as implementing tokenization or point-to-point encryption.

When is a password breach not a password breach? When is a password warning a hoax? The "Poloniex emails and passwords" announced on Twitter seem to have been from a previous, unknown breach, and the crooks were simply chancing their arm by guessing that at least some of the account names and password might also work on the Poloniex site.

Iran has vowed "Severe revenge" against the United States for killing top commander Qasem Soleimani and will likely use its experience of asymmetric warfare to strike back at its arch foe. "We can't predict what direction Iran will choose to go in. But what we do know is that Iran acts in a calculated manner and takes very deliberate steps," said Ariane Tabatabai, associate political scientist at the Rand Corporation, a policy think tank in California.

A "Computer virus" has forced foreign currency exchange giant Travelex to shut down its online services and its app - leaving its retail locations to carry out tasks manually and many customers stranded without travel money. The latter said that its bureau-de-change services were offline until further notice because of the Travelex incident.

Foreign currency exchange Travelex has taken its UK website and services offline after malware was found on its systems on New Year's Eve. Founded by Lloyd Dorfman, Travelex is headquartered in London and company provides international payments, currency exchange services, and prepaid credit cards for travelers.

Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well with the private sector, according to an unclassified report recently sent to Congress. While the audit found that substantial progress has been made on the sharing cybersecurity information and threat intelligence among agencies over the last two years, it pointed to several areas of ongoing concern, including the failure of certain Defense Department units to use appropriate policies and procedures for data sharing.

Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution. OpenCV is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and which aims to accelerate the use of machine perception in commercial products.

Apple has filed an amended complaint in the lawsuit against Corellium and the virtualization company has responded by claiming that the tech giant is using the lawsuit to crack down on jailbreaking. Corellium provides a virtual iPhone that can be used to find vulnerabilities and test the functionality of mobile apps on different versions of the iPhone and iOS. Apple has accused the company of copyright infringement, stating that Corellium was not authorized to copy its products.

It appears the UK banking system is playing a fiscal game of Top Trumps as both Yorkshire and Clydesdale Bank followed yesterday's example set by Lloyds by not processing payments into customer accounts. Yorkshire Bank's customer service orifice on Twitter gave up responding publicly to users just before 10am, presumably to focus on the wave of customers bombarding the bank's news emitter.