Security News

How many times have you met someone full of promises and big on talk, only to be disappointed by what results from your engagement with them? Normans not only let organizations down, they adversely affect the information security postures of those organizations by taking valuable time and resources away from other value-added activities. If you know someone who has these traits, they might be a Norman.

Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.

Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.

Enveil, a Fulton, Maryland-based data security company, today announced that it has secured $10 million in Series A funding. Founded in 2016, Enveil launched ZeroReveal in July 2018, its commercial homomorphic encryption product that helps protect data while it's being used or processed.

Sudo is included in macOS, but this option was not enabled when we tried it on our Catalina box. If sudo is installed and vulnerable, any user can trigger the vulnerability, even if not listed in the sudoers list of those with sudo privileges.

A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system. Sudo is a popular utility that system administrators can use to allow users to execute some commands as root or another user.

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative privileges on Linux or macOS systems. Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments.

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.

Your quick summary of infosec news beyond everything else we've reported Roundup Here's your Register security roundup of infosec news about stuff that's unfit for production but fit for print.…

Google this week announced OpenTitan, an open source silicon root of trust (RoT) project that can help ensure that both hardware infrastructure and the software running on it remain in a...