Security News > 2020

The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through this noise, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.

Two security researchers used a 3D printer and fabric glue to create a fake fingerprint that fooled authentication sensors 80% of the time. The biggest challenge was getting the size right for the fake fingerprint; 1 percent too small or too large and the fake fingerprint did not work.

A memo sent out this week to all NASA personnel warns that the agency has seen a significant increase in cyberattacks, including phishing and malware attacks, while its employees work remotely during the COVID-19 outbreak. The memo, obtained by space news website SpaceRef, reveals that the number of email phishing attempts doubled in the past few days and there has been an "Exponential increase" in malware attacks on NASA systems.

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years,...

We'll refer to this one a Fourthytuesday instead, now that Firefox has reduced its update wavelength to four weeks to get important-but-not-zero-day-critical fixes out just that bit more frequently. If your automatic update hasn't happened yet, a manual check will let you "Jump the queue" and get the update a bit sooner.

Victims of early versions of Microsoft's Active Directory can breathe a sigh of relief: the software giant has snapped up the infamous corp.com domain. The sale potentially put hundreds of thousands of Windows PCs at risk due to some iffy Active Directory settings around the time of Windows 2000 Server and equally iffy practices at companies setting up Microsoft's then latest and greatest.

The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement, a Linux Security Module designed to check the authenticity of binaries at runtime. The Linux kernel has long supported LSMs for different specialised purposes, but Microsoft has spotted a gap in the protections these offer in server environments, specifically its own Azure Sphere IoT platform.

The agency that oversees online addresses on Tuesday called for those issuing website addresses to vigilantly thwart cyber scams exploiting coronavirus fears. The Internet Corporation for Assigned Names and Numbers took the unusual step of firing off a letter to "Registrars" entrusted with the business of issuing website names around the world.

The world has never seen a smart toilet like this, which is described in a new study from Stanford University that was published in Nature Biomedical Engineering on Monday. Sure, you can get a "Smart" toilet that offers ambient colored lighting, wireless Bluetooth music sync capability, heated seat, foot warmer, and automatic lid opening and closing, but regular, not-all-THAT-smart-after-all toilets can't diagnose disease.

Governments worldwide have released COVID-19 mobile apps to provide citizens with useful information and, in some cases, to track individuals in an effort to contain the coronavirus outbreak. An analysis of dozens of nation and government-sponsored mobile applications for Android released to help with the current COVID-19 pandemic has revealed the existence of privacy risks, vulnerabilities and backdoors, ZeroFOX says in a post highlighting three of the analyzed apps.