Security News > 2021 > August

Tom Merritt tells us the things that are getting in the way of autonomous car adoption. Here are five autonomous car road blocks we need to overcome.

We've known for some time that passwords are nearing the end of their usefulness, and a passwordless future is often discussed despite the fact that passwords continue to be the standard. With all of us still using passwords in our daily lives it's hard to see passwordless security as a readily available technology, but it is.

The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.While the FBI and CISA do not have any info regarding potential attacks within upcoming holidays and weekends, they gave as examples the attacks on the networks of Colonial Pipeline, JBS, and Kaseya.

Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights. TechRepublic's Karen Roby spoke with Kon Leong, CEO and co-founder of ZL Technologies, a data management company, about data privacy and governance.

A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin from Envato could allow unauthenticated attackers to inject malicious code into websites running unpatched versions. The plugin, which has 19,700+ sales on Envato Market, offers a variety of pricing and promotion tools for online retailers, including special offers, bulk pricing, tiered pricing, bundle pricing, deals of the day, flash sales, wholesale pricing, member pricing, individual pricing, loyalty programs, behavioral pricing, location-based pricing and so on.

Coinbase, the world's second-largest cryptocurrency exchange with approximately 68 million users from over 100 countries, has scared a significant amount of its users with erroneous 2FA warnings. As the crypto exchange revealed over the weekend in a Twitter thread, it accidentally alerted roughly 125,000 customers that their 2FA settings had have been changed on August 28, between 1:45 pm PST and 3:07 pm PST. In a Friday incident report, Coinbase explained that the notifications were sent in error and that customers are not required to take any action to restore their 2FA settings.

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system. In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.

On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service bugs, fixed last week, that affect its network-attached storage devices. Many popular open-source programming libraries that support it - including OpenSSL, LibreSSL and BoringSSL, "Have kept old-school product names for the sake of familiarity," Ducklin commented in a recent drilldown into the OpenSSL bugs.

Docker announced a new subscription plan for enterprises and free access to Docker Desktop for personal use, educational institutions, non-commercial open-source projects and small businesses. First, Docker is introducing a new product subscription: Docker Business.

Figure A. Outside of the features Private Compute Core will bring to your device, one of the more important things it does is store data separate from all apps and services, while making that data available to the operating system when required. With Private Compute Core at work, that data is processed within its own sandbox, away from everything else, and then the captions are presented for your viewing.