Security News > 2020

How can we secure devices and make sure they stay secure? That's where Azure Sphere - Microsoft's defence-in-depth IoT platform that mixes hardware, software, and the cloud to protect your devices and your network - comes in. At the heart of Azure Sphere is a hardened Arm-based microcontroller, designed to deliver what Microsoft calls "The seven properties of highly secured devices".

As of Tuesday, hijacked Twitter accounts were spewing out hundreds of tweets hawking a dodgy looking face mask/toilet paper/digital forehead thermometer online store, according to Motherboard's Vice. On Tuesday, the journalist confirmed on Twitter that his account had been hijacked and used to send out direct messages, purportedly about face masks.

If you haven't yet opted for automatic Apple security updates, it's time to update your iDevices and software again. The security update for Xcode - an integrated development environment for macOS containing a suite of software development tools developed by Apple for developing software for macOS, iOS, iPadOS, watchOS, and tvOS - offers no details about fixed security issues.

Only cyber-incident warranties cover first-party costs from cyber-attacks - why all such warranties were offered by firms selling intangible products is an open question. Consumers should question whether warranties can function as a costly signal when narrow coverage means vendors accept little risk.

Bullguard recently surveyed more than 3,000 SMB owners on the topic of cybersecurity and found that many are not prepared for a security breach. In addition to doing a general security check, SMB leaders should remind employees of security best practices for end users, review and update disaster recovery plans, and establish strong lines of communication among all remote teams.

I'd like to thank everybody for joining us today for our webinar, "5G, the Olympics and Next Generation Security Challenges." Today, we are going to be hearing from a couple of experts in the arena: Russ Mohr who is an engineer and Apple Evangelist at MobileIron; and also Jerry Ray, who is a COO at SecureAge - he works in Tokyo quite a bit, so he will have some feet-on-the-ground information for us, which is great. Something to note about our agenda, clearly: The hook here is that we're going to use the Tokyo Summer Games as a jumping off point to discuss what's possible with 5G technology rolling out.

A vulnerability that OpenWrt addressed in its opkg fork could have been exploited for the remote execution of arbitrary code. "Due to the fact that opkg on OpenWrt runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged.ipk packages with malicious payload," OpenWrt notes in an advisory.

Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs. As usual, WebKit browser engine and Safari gave Apple plenty to fix, all but one of which were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google's open source fuzzing tool, OSS-Fuzz.

Amid this planet's ongoing pandemic and stay-at-home measures, if you're keen to repurpose all that time previously spent commuting, attending conferences, and so on, why not take a look at the SANS Institute's Online Cybersecurity Training. SANS has been researching and educating the cybersecurity industry since 1989, building its fully GIAC-certified training courses around in-person events held worldwide.

Evasive malware has grown to record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions. Companies of all sizes need to deploy advanced anti-malware solutions that can detect and block these attacks.