Cybersecurity News
Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software.
12 August 2020
Why & Where You Should You Plant Your Flag
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.12 August 2020
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.12 August 2020
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.12 August 2020
TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic
App concealed the practice of gathering device unique identifiers using an added layer of encryption.
12 August 2020
Adobe tackles critical code execution vulnerabilities in Acrobat, Reader
This month’s security update fixes a variety of critical and important bugs in the software.12 August 2020
Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal
The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.
11 August 2020
Researchers Trick Facial-Recognition Systems
Goal was to see if computer-generated images that look like one person would get classified as another person.11 August 2020
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.11 August 2020
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
11 August 2020
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.11 August 2020
Microsoft Patch Tuesday, August 2020 Edition
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it's time once again to backup and patch up!11 August 2020
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.
11 August 2020
Symmetry Systems Emerges from Stealth
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.11 August 2020
Zoom Vulnerabilities Demonstrated in DEF CON Talk
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.11 August 2020
Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days
Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices.11 August 2020
Is Edtech the Greatest APT?
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?11 August 2020
Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.
11 August 2020
EU-US Privacy Shield Dissolution: What Happens Next?
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.11 August 2020
Threema joins the ranks of E2EE chat apps that support encrypted video calls
Other E2E chat apps that support encrypted video calls include Signal, WhatsApp, Wickr, and Wire.11 August 2020