Security News > 2020

Federal agencies participating in the Office of Management and Budget's Data Center Optimization Initiative report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will continue to operate are at increased risk of being hacked, the U.S. Government Accountability Office warned last week. The new GAO study reveals that due to the lack of reporting requirements for key facilities and lack of proper documentation of decisions on which facilities are exempt from DCOI, agencies might remain exposed to vulnerabilities and oversight of consolidation, and optimization efforts may be impaired.

UK Parliament's Defence Committee is to open an investigation into 5G and Huawei with a special focus on national security concerns. The House of Commons committee, made up of MPs, wants to find out for itself whether or not Huawei poses a threat to national security, something that nobody has ever raised before and which is bound to uncover lots of new and original insights.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week. REvil, Samas, Bitpaymer, and Ryuk are some of the most infamous human-operated ransomware campaigns, but other prolific threat actors have emerged recently, demonstrating a need for comprehensive defenses that can stop the attacks in their infancy, Microsoft says.

The HPE Container Platform is the industry's first enterprise-grade container platform designed to support both cloud-native and non-cloud-native applications using 100 percent open source Kubernetes - running on bare-metal or virtual machines, in the data center, on any public cloud, or at the edge. The HPE Container Platform reduces cost and complexity by running containers on bare-metal, while providing the flexibility to deploy in VMs or cloud instances.

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. The Collide+Probe attack can also be launched remotely via a web browser without user interaction, which the experts have shown through an attack on ASLR. "We evaluated our new attack techniques in different scenarios. We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel," the researchers said.

Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures. Bad actors have added a new snare to their bag of social engineering tricks- malicious OneDrive, Google Drive, iCloud, and Dropbox links.

How long do Android smartphones and tablets continue to receive security updates after they're purchased? Many millions of users hang on to their Android devices for much longer, which raises questions about their ongoing security as the number of serious vulnerabilities continues to grow.

Australia's privacy watchdog announced legal action against Facebook Monday for alleged "Systematic failures" exposing more than 300,000 Australians to a data breach by Cambridge Analytica. The Office of the Australian Information Commissioner said it had initiated proceedings against the tech giant and that Facebook committed "Serious and/or repeated interferences with privacy".