Security News > 2021 > January

Intel has gingerly dipped a toe into the face-based authentication market with the launch of its RealSense ID product. In terms of security, Chipzilla has made some bold claims, stating RealSense ID has a one-in-one-million false acceptance rate and can withstand the usual attempts to circumvent face-based authentication tools, like masks and photographs, with - according to its RealSense webpage - a spoof acceptance rate of less than 0.1 per cent.

A free micropatch fixing a local privilege escalation vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.

The National Security Agency this week issued guidance for National Security System, Department of Defense, and Defense Industrial Base cybersecurity decision makers, system admins, and network security analysts to replace obsolete versions of the Transport Layer Security protocol. While older versions of the security protocols, namely SSL, TLS 1.0, and TLS1.1, have been deprecated in many existing online services and applications, there still are systems that rely on these insecure protocols, thus exposing entire networks.

Website owners are receiving emails threatening to ruin their reputation if they do not post a five-star review for a cryptocurrency exchange. Today, BleepingComputer received an extortion email through our contact form demanding we post a 5-star review and perform two likes/shares for the coinmama.com cryptocurrency exchange.

Website owners are receiving emails threatening to ruin their reputation if they do not post a five-star review for a cryptocurrency exchange. Today, BleepingComputer received an extortion email through our contact form demanding we post a 5-star review and perform two likes/shares for the coinmama.com cryptocurrency exchange.

An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities.

The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records. US Judiciary is also working on immediately adding extra safeguards and security procedures to protect the highly sensitive court documents filed with the courts.

Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them. Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.

Find out why experts suggest focusing on cyber-resilience instead of piling on more cybersecurity solutions. Financial losses, scarred reputations, and customer mistrust seem to indicate cybersecurity is a poor gamble and only worth the financial drain to make it difficult for cybercriminals-similar to how door locks keep honest people honest.

This information disclosed to the Facebook Companies already adds up to a fair bit of data, includes users' account registration information, such as phone number; transaction data; service-related information; data on how users interact with others, including businesses; mobile device information,; IP address; as well as other info identified as information users have given the service consent to collect, according to WhatsApp. The expansion in data sharing between the two platforms will now ask users to provide payment account and transaction information to WhatsApp, according to one report.