Posts

This $350 "Anti-5G" Device Is Apparently Just a USB Stick

Plus: A LiveJournal hack, Qatar's contact tracing privacy failure, and more of the week's top security news. from Security Latest https://ift.tt/2TQlZwg

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache Attacks" published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian from The Hacker News https://ift.tt/36JtPg7

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a from The Hacker News https://ift.tt/302lB1F

Google postpones Android 11 unveiling amid U.S. protests

Alphabet Inc's Google on Saturday said it has postponed next week's planned unveiling of the beta version of its latest Android 11 mobile operating system in light of protests and unrest in the United States. from Reuters: Technology News https://ift.tt/2ArG70z

Exclusive: Zoom plans to roll out strong encryption for paying customers

Video conferencing provider Zoom plans to strengthen encryption of video calls hosted by paying clients and institutions such as schools, but not by users of its free consumer accounts, a company official said on Friday. from Reuters: Technology News https://ift.tt/36Gg1TO

Exclusive: Zoom plans to roll out strong encryption for paying customers only

Zoom, the video conferencing provider whose business has boomed with the COVID-19 pandemic, plans to strengthen encryption on video calls made by paying clients and institutions like schools, but not for users of its popular free accounts, a company official said Friday. from Reuters: Technology News https://ift.tt/3dgEfWZ

Flaw in open-source software exposed Cisco servers

Cisco said on Thursday (28) that six of the company's servers were compromised as a result of hacker activity. According to the telecommunications equipment maker, the malicious actors affected systems of the Virtual Internet Routing Lab Personal Edition (VIRL-PE) service, which lets customers create and test network topologies - that is, the arrangement of the elements of a communication network - without needing to install equipment. The hackers exploited critical flaws in the open-source software Salt, on which Cisco's servers were built. Salt is widely used for automation services as well as in deploying systems management for data centers. Security flaws: The software's vulnerabilities became public at the end of April, but Cisco only detected the security breaches in its networks on May 7. The company then shut down the servers and made adjustments to remedy the problem. The company released two ...

Italian magistrates target Uber Italia over alleged rider exploitation: sources

Italian magistrates have placed an Italian unit of Uber Technologies under special administration as part of an investigation into alleged exploitation of food delivery riders, three people familiar with the case said on Friday. from Reuters: Technology News https://ift.tt/2AqhSzR

China's Kunlun says U.S. approves sale of Grindr to investor group

Chinese gaming company Beijing Kunlun Tech Co Ltd said on Friday that a U.S. national security panel approved the $620 million sale of popular gay dating app Grindr to an investor group called San Vicente Acquisition LLC. from Reuters: Technology News https://ift.tt/36GG79a

Exim e-mail server has been exploited by hackers since August 2019

The U.S. National Security Agency (NSA) disclosed that the Russian military hacker group known as Sandworm Team has been exploiting an e-mail server application since August 2019. The same group interfered in the 2016 U.S. presidential election and unleashed a devastating malware attack the following year. The agency's advisory, published on Thursday (28), was unusual, given that the critical vulnerability in the Exim Mail Transfer Agent - generally run on Unix-like operating systems - was identified almost a year ago, when a patch was released. At the time, users were asked to update Exim to the latest version. The flaw being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing. The hackers took advantage of the lapse and accessed the application using a specially crafted e-mail. They managed to ...

Trump threatens 'shooting' response to Minneapolis riot over police killing

U.S. President Donald Trump threatened on Friday to stop looters in Minneapolis with deadly military force, after that city weathered a third night of arson and rioting over the police killing of an unarmed black man. from Reuters: Technology News https://ift.tt/3daL50i

COVID-19 robot patrol rolled out in Belgian hospitals

Robots that speak more than 53 languages, detect fever and determine if people are wearing face masks properly have been rolled out in Belgium as a first line of control in hospitals and shops. from Reuters: Technology News https://ift.tt/36JpVnq

VMware Releases Security Updates for Multiple Products

Original release date: May 29, 2020 VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://ift.tt/3gBBxxq

Cisco Releases Security Updates for CML and VIRL-PE

Original release date: May 29, 2020 Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://ift.tt/3dgEIbM

New critical Android vulnerability may affect millions of devices

Norwegian security research firm Promon has discovered a new critical vulnerability that may affect a large number of Android smartphones. The flaw allows hackers to disguise malicious apps as any other app and, in that way, track the user and gain access to personal information. Called StrandHogg 2.0 and assigned the number CVE-2020-0096, the vulnerability is present in all Android phones except those running the latest version of the operating system, Android 10. This means millions of devices may be affected, since Google has stated that only 16% of the 2.5 billion devices have had the latest version installed. The same Norwegian company discovered the original StrandHogg at the end of 2019. According to the experts, the flaw was used to steal banking information, passwords and logins and to monitor user activity. According to Promon, StrandHogg 2.0 enables even more complex attacks. Via: GizChina ...

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how, over the past five years, the cybercriminal underground has seen a major shift to new platforms, communications channels, products, and services. Also, read about a new wave of Sandworm cyberattacks against email servers conducted by one of Russia’s most advanced cyber-espionage units. Read on: How the Cybercriminal Underground Has Changed in 5 Years Trend Micro has been profiling the underground cybercrime community for many years. Over the past five years, it has seen a major shift to new platforms, communications channels, products, and services, as trust on the dark web erodes and new market demands emerge. Trend Micro expects the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities. Shadowserver, an Internet Guardia...

German regulator examines stock trades by Wirecard CEO

Germany's market regulator said on Friday it was investigating whether Markus Braun, the CEO of payments firm Wirecard, had violated insider-trading rules by buying stock during the quiet period before publication of its annual report. from Reuters: Technology News https://ift.tt/3et666E

Indian IT firm Wipro names Capgemini's Thierry Delaporte as CEO

India's Wipro Ltd on Friday named Thierry Delaporte as the new chief executive officer and managing director of the IT company, replacing Abidali Neemuchwala. from Reuters: Technology News https://ift.tt/36EdPw7

Uber launches hourly ride booking option in some U.S. cities

Uber Technologies Inc on Friday said it would offer rides by the hour in some U.S. cities, a feature aimed at helping Americans with essential trips during the coronavirus pandemic. from Reuters: Technology News https://ift.tt/2ZKGZZ3

Least Privilege for AWS Lambda Security

By Hillel Sollow, Serverless Security R&D. If you are a security professional, or at least someone who cares enough about security, you will appreciate the importance of restricting privileged access to resources as a means to maximize security. More so, if you are familiar with AWS serverless technology, you should also be familiar with the… The post Least Privilege for AWS Lambda Security appeared first on Check Point Software. from Check Point Software https://ift.tt/2TSfybR