Flaws Riddle Zyxel’s Network Management Software
2020-03-11 21:20

Security researchers are warning that the Cloud CNM SecuManager software from networking hardware vendor Zyxel is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. The Zyxel CNM SecuManager is a networking management software solution that provides an integrated console to monitor and manage enterprise security gateways, such as the company's own ZyWALL USG and its VPN series products.

Cybersecurity pros are using artificial intelligence but still prefer the human touch
2020-03-11 20:48

Artificial intelligence is one valuable weapon in the arsenal as it can handle certain tasks faster and more efficiently than can human beings. That's why many security pros still want the human element to play a significant role in their security defense, according to a survey from WhiteHat Security.

February sees huge jump in exploits designed to spread Mirai botnet
2020-03-11 20:33

The Mirai botnet is known for targeting Internet of Things devices and conducting massive DDoS attacks, as described by cyberthreat researcher Check Point Research. A look at the top cyber threats for February by Check Point Research highlights the latest developments in popular malware strains and vulnerabilities.

Intel Patches 27 Vulnerabilities Across Product Portfolio
2020-03-11 20:18

Intel this week released patches for more than two dozen vulnerabilities impacting graphics drivers, FPGA, processors, NUC, BlueZ, and other products. The chip maker patched a total of 17 vulnerabilities in its graphics drivers, the most important of which is a buffer overflow that could result in denial of service.

Phishing Attack Skirts Detection With YouTube
2020-03-11 19:28

Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page.

Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
2020-03-11 18:06

SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news. The most important of the notes address critical missing authorization checks in Solution Manager.

S2 Ep30: Let’s Encrypt, ULTRASOUND attacks, backups for ransom – Naked Security Podcast
2020-03-11 17:51

This week we talk about why Let's Encrypt might have to celebrate its billionth certificate twice, wonder if James Bond could hack Siri with ultrasound, and make backups surprisingly interesting.

TRRespass research reveals rowhammering is alive and well
2020-03-11 17:49

TRR is short for Target Row Refresh, a high-level term used to describe a series of hardware protections that the makers of memory chips have been using in recent years to protect against rowhammering. Incidentally, reading out a row essentially wipes its value by discharging it, so immediately after any read, the row is refreshed by saving the extracted data back into it, where it's ready to be accessed again.

Microsoft leaves critical bug unpatched on Patch Tuesday
2020-03-11 17:33

Microsoft fixed bugs across a range of products on March's Patch Tuesday, releasing patches for 115 distinct CVEs, with 26 rated critical. The critical bug that cropped up in the most CVEs was in ChakraCore, the scripting engine that handles just-in-time compilation for its browsers.

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
2020-03-11 17:13

UPDATE. Microsoft released an emergency out-of-band patch to fix an SMBv3 wormable bug on Thursday that leaked earlier this week. On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol - the same protocol that was targeted by the infamous WannaCry ransomware in 2017.