Security News
Microsoft says that customers can now disable JScript execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. "Blocking JScript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual," Microsoft explains.
The Internet Engineering Task Force has published RFC 8915, its proposed standard for network time security. The existing issues affecting basic NTP include DDoS amplification, packet manipulation, and replay attacks - the last two being carried out through man-in-the-middle attacks that can forge messages and falsify the time.
Cloudflare partners with Internet Archive to make sites available when their origin servers are down
By partnering with the Internet Archive, Cloudflare is strengthening its Always Online solution that makes sites available when their origin servers are down and keeps the Internet functioning for users globally. To do this, the Internet Archive uses the same crawling infrastructure that has allowed its Wayback Machine to archive over 465 billion web pages to date.
The Internet Society has launched the first-ever regulatory assessment toolkit that defines the critical properties needed to protect and enhance the future of the Internet. The Internet Impact Assessment Toolkit is a guide to help ensure regulation, technology trends and decisions don't harm the infrastructure of the Internet.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy. "An open redirect - which can be used to give off-site malicious content the appearance of legitimacy - may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day," he said.
A new report finds that 33% of companies within the digital supply chain expose common network services such as data storage, remote access, and network administration to the internet. Admins should either eliminate direct internet access or deploy compensating controls where such services are required, according to the report by RiskRecon, a Mastercard company, and the cybersecurity research services firm Cyentia Institute.
33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. The data was analyzed in two strategic ways: the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure.
There's a growing unease amongst the cybersecurity community around the recent rise in misinformation and fake domains, Neustar reveals. 48% of cybersecurity professionals regard the increase in misinformation as a threat to the enterprise, with 49% ranking the threat as 'very significant'.
The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked 'Critical' and 97 listed as 'Important'. Microsoft has issued fixes for 120 vulnerabilities - including two zero-day exploits - in its latest Patch Tuesday security update for Windows 10.
A ban by President Donald Trump's administration on Chinese mobile apps such as TikTok and WeChat risks fragmenting an already fragile global internet and creating an American version of China's "Great Firewall." Fears about the global internet ecosystem intensified this week with Trump's executive orders banning the popular video app TikTok and Chinese social network WeChat, following a US government directive to prohibit the use of other "untrusted" applications and services from China.