Security News
There's a growing unease amongst the cybersecurity community around the recent rise in misinformation and fake domains, Neustar reveals. 48% of cybersecurity professionals regard the increase in misinformation as a threat to the enterprise, with 49% ranking the threat as 'very significant'.
The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked 'Critical' and 97 listed as 'Important'. Microsoft has issued fixes for 120 vulnerabilities - including two zero-day exploits - in its latest Patch Tuesday security update for Windows 10.
A ban by President Donald Trump's administration on Chinese mobile apps such as TikTok and WeChat risks fragmenting an already fragile global internet and creating an American version of China's "Great Firewall." Fears about the global internet ecosystem intensified this week with Trump's executive orders banning the popular video app TikTok and Chinese social network WeChat, following a US government directive to prohibit the use of other "Untrusted" applications and services from China.
Crucial steps toward building such an internet are already underway in the Chicago region, which has become one of the leading global hubs for quantum research. One of the hallmarks of quantum transmissions is that they are exceedingly difficult to eavesdrop on as information passes between locations.
US officials and scientists have begun laying the groundwork for a more secure "Virtually unhackable" internet based on quantum computing technology. At a presentation Thursday, Department of Energy officials issued a report that lays out a blueprint strategy for the development of a national quantum internet, using laws of quantum mechanics to transmit information more securely than on existing networks.
Isolation technology allows companies to keep employee browsers siloed in the cloud. To deal with this deluge of new threats, dozens of the world's biggest organizations are turning to isolation technologies and techniques to protect employees from the kind of common mistakes cybercriminals are increasingly taking advantage of.
Rapid7's research found that the security of the internet overall is improving. Vulnerabilities and exposures still plague the modern internet even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell and DNS-over-TLS. "We were surprised to see that recent incidents appear to have had no obvious effect on the fundamental nature of the internet, however it is possible that we have yet to see the full impact," said Tod Beardsley, Director of Research at Rapid7.
It all came to light this week after Comparitech's Bob Diachenko spotted 894GB of records in an unsecured Elasticsearch cluster that belonged to UFO VPN. The silo contained streams of log entries as netizens connected to UFO's service: this information included what appeared to be account passwords in plain text, VPN session secrets and tokens, IP addresses of users' devices and the VPN servers they connected to, connection timestamps, location information, device characteristics and OS versions, and web domains from which ads were injected into the browsers of UFO's free-tier users. A few days later, on July 5, the data silo was separately discovered by Noam Rotem's team at VPNmentor, and it became clear the security blunder went well beyond UFO. It appears seven Hong-Kong-based VPN providers - UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN - all share a common entity, which provides a white-labelled VPN service.
Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just as a researcher released a proof-of-concept exploit. Onapsis, a company specializing in the protection of business-critical applications, revealed on Tuesday that many SAP products that use the NetWeaver AS Java technology stack could be exposed to remote attacks due to a critical vulnerability tracked as CVE-2020-6287 and dubbed RECON. A remote and unauthenticated attacker who has access to the targeted system can exploit CVE-2020-6287 to create a new SAP admin user, allowing them to gain full control of the system.
Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs. The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within in a configuration tool known as the Traffic Management User Interface.