Security News
The United States has signed up for The Paris Call for Trust and Security in Cyberspace - an international effort to ensure the internet remains free and open, and an agreement to put critical infrastructure off limits to electronic attack by sovereign states and other actors. The Paris Call was issued by French president Emmanuel Macron in 2018, as part of that year's Internet Governance Forum held at UNESCO and alongside the Paris Peace Forum.
Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions CVE-2021-30892: Jonathan Bar Or of Microsoft. As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it that just "Modifying protected parts" of the file system.
Twitter rolled out security keys to its entire workforce and made two-factor authentication mandatory for accessing internal systems following last year's hack. The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter's Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could be?ome a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70.
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used to execute untrusted code and affects stable release branches 3.x and 2.x of Squirrel.
Mordechai Guri from the abovementioned Ben Gurion University of the Negev in Israel has recently published a new 'data exfiltration' paper detailing an unexpectedly effective way of sneaking very small amounts of data out of a cabled network without using any obvious sort of interconnection. How to split a network into two parts, running at different security levels, that can nevertheless co-operate and even exchange data when needed, but only in strictly controlled and well-monitored ways.
In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users. "We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly," Twitch said.
Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.
This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and...
Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 120GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.