Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak
2020-03-27 15:58

U.S. Sen. Mark R. Warner this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts. The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.

How to enable 2FA for groups in Nextcloud
2020-03-27 15:13

Nextcloud allows you to require groups to use two-factor authentication. With Nextcloud Hub you can enable 2FA globally, for individuals, or for groups.

Why Microsoft's Office 365 has become an all-access pass for phishers to exploit
2020-03-27 14:53

With so many people and organizations using Microsoft Office 365, phishers who exploit this brand can target a vast number of people as a way to steal their account credentials, as described by Vade Secure. Phishing attacks that exploit Office 365 come in different varieties, according to Adrien Gendre, chief solutions architect at Vade Secure.

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

How to sync Firefox containers across devices
2020-03-27 14:19

If you make use of the Firefox Multi-Account Containers add-on, it now includes the ability to sync your customizations across your Firefox account. I've covered the installation and setup of this app in my post, How to use the Firefox Multi-Account Containers extension.

Micropatches block exploitation of Windows zero-days under attack
2020-03-27 14:07

While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in "Limited targeted Windows 7 based attacks," ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws. In a blog post published on Thursday, ACROS Security CEO Mitja Kolsek explained which attack vectors can be used to exploit the vulnerabilities and why Windows 10 users are at a lower risk of attack.

Android apps are snooping on your installed software
2020-03-27 13:25

Android apps are snooping on other software on your device - and that could tell shady advertising companies more about you than you'd like. The researchers studied 14,342 free Android apps in the Google Play Store, along with 7,886 open-source Android apps.

Firefox 76 will have option to enforce HTTPS-only connections
2020-03-27 13:22

Converting websites from HTTP to HTTPS over the last decade must count as one of the most successful quiet security upgrades ever to affect web browsing. There are some HTTPS security caveats worth mentioning, but before getting to them we'll start with the news that Mozilla's Firefox will, from May's version 76, offer the option to browse in an HTTPS-only mode.

GitHub Paid Out Over $1 Million in Bug Bounties
2020-03-27 13:12

GitHub this week announced that it has paid out over $1 million in rewards to the security researchers participating in its bug bounty program on HackerOne. The security bug bounty program was launched on the hacker-powered platform in 2016, but GitHub has been accepting vulnerability reports since February 2014.

Websites of U.S. Presidential Candidates Pose Security, Privacy Risks
2020-03-27 12:53

The majority of primary campaign websites of United States presidential candidates run code that can pose security and privacy risks to consumers, The Media Trust has discovered. The security firm has monitored 11 websites during September and December 2019, and discovered that 81% of them execute code from third-party entities unmanaged by the candidate teams.