Security News > 2021 > July

Node.js fixes severe HTTP bug that could let attackers crash apps
2021-07-30 21:44

Node.js has released updates for a high severity vulnerability that could be exploited by attackers to corrupt the process and cause unexpected behaviors, such as application crashes and potentially remote code execution. In a client-server architecture, if a client application wants to end the connection, it would send an RST STREAM frame to the server.

Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
2021-07-30 21:13

A number of new incidents have been reported involving CIA officers in the last year or so, a source with direct knowledge told NBC News, including a CIA officer who experienced symptoms in Poland last spring, two CIA officers allegedly hit in East Asia last fall, and incidents in London in May and December 2019. The source said the CIA, using mobile phone location data, had determined that some Russian intelligence agents who had worked on microwave weapons programs were present in the same cities at the same time that CIA officers suffered mysterious symptoms.

NSA Warns Public Networks are Hacker Hotbeds
2021-07-30 21:06

The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging - both used to access and exfiltrate corporate data on targeted devices.

CISA launches vulnerability disclosure platform for federal agencies
2021-07-30 20:08

The Cybersecurity and Infrastructure Security Agency today launched a new vulnerability disclosure policy platform for US federal civilian agencies. The newly launched VDP platform service allows Federal Civilian Executive Branch agencies to identify, monitor, and close security gaps in critical systems with the help of ethical hackers worldwide.

Create a VirtualBox virtual machine backup on a Linux host for security
2021-07-30 19:58

Jack Wallen teaches you how to use simple bash scripts to automate backing up your VirtualBox VMs.

Windows 10 now lets you install WSL with a single command
2021-07-30 19:08

Microsoft says the Windows Subsystem for Linux can now be installed on Windows 10, version 2004 or later using a single terminal command. "In the latest Windows Insider Preview builds, you can install everything you need to run WSL just by running wsl.exe -install," Windows Developer Platform Program Manager Craig Loewen said.

Ransomware risk management: How to start preparing for the future now
2021-07-30 18:58

TechRepublic's Karen Roby interviews Brandon Vigliarolo about how the ransomware risk management calculus is changing for OT, ICS and critical infrastructure.

S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]
2021-07-30 18:18

A new sort of Windows nightmare, this one not involving printers. Another new sort of Windows nightmare, also with no printers.

I Am Parting With My Crypto Library
2021-07-30 17:13

The time has come for me to find a new home for my cryptography library. It's about 150 linear feet of books, conference proceedings, journals, and monographs - mostly from the 1980s, 1990s, and 2000s.

Cryptomining scams target Android app users
2021-07-30 16:56

TechRepublic's Karen Roby interviews Lance Whitney about a recent report that detailed how cryptomining scams targeted Android app users and stole an estimated $350,000 from more than 93,000 people.