August 2020 - Page 3 of 4 - Cyber Security Minute

4 best practices to avoid vulnerabilities in open-source code

Issued by: CSO

This year presented even more challenges for ensuring the integrity and security of open-source ecosystems. Open source has been the greatest boon to developers in that virtually anyone can use and customize it, typically at no cost, and contribute to the community. What has been a means of ensuring greater transparency, security and promoting developer…

Vulnerabilities

SAP Releases August 2020 Security Updates

Issued by: Security Week

The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and featuring Hot News priority, the issue has a CVSS score of 9. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to…

Network Security

4 best practices for managing and tracking SSL and TLS certificates

Issued by: CSO

Most of us take Secured Sockets Layer (SSL) and Transport Layer Security (TLS) for granted, but over time the use of SSL and TLS certificates has dramatically changed. Once, only websites that handled secure transactions provided protection with an SSL certificate. Now search engines demand everything is protected with certificates. Because attackers have used weaknesses…

Vulnerabilities

Businesses prioritize security and collaboration tools to manage sustained remote work environments

Issued by: Help Net Security

77 percent of IT professionals believe they were prepared to manage the rapid shift to remote work during the COVID-19 outbreak, according to TeamViewer. Among those surveyed, the percentage working from home had abruptly jumped from 28 percent prior to the pandemic to 71 percent during the outbreak. The survey included more than 200 IT…

Network Security

Ericom Application Isolator separates corporate apps from unauthorized users to prevent ransomware

Issued by: Help Net Security

Ericom Software announced the introduction of Ericom Application Isolator, a new solution that integrates with existing remote access VPNs and Next Generation Firewalls to secure corporate applications and data from the security risks associated with excessive access rights inside a network. Ericom Application Isolator addresses the security risks created by the broad access rights granted…

Vulnerabilities

18 (new) ways attackers can compromise email

Issued by: CSO

All organizations wrestle with chronic phishing attacks that are the primary vectors through which malicious actors breach systems and spread malware. Most phishing attackers deliver their payloads on networks by crafting spoofed emails that look like they come from legitimate, authoritative senders. Those look-alike emails instead derive from domains deployed solely for malicious purposes. It’s…

Cloud Security

Why the rapid transition to cloud demands that DevOps shift left

Issued by: Help Net Security

To accommodate remote work policies amid COVID-19, companies have increasingly adopted the public cloud to support off-site business continuity. A MarketsandMarkets analysis found that due to the impact of the current crisis, the cloud market is expected to grow from $233 billion in 2019 to $295 billion by 2021. The transition to remote work by…

Mobile Security

Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks

Issued by: Security Week

During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) – a subsystem that enables the processing of data with low power consumption – could open the door for Android applications to perform malicious attacks. The proprietary subsystem is licensed for programming…

Vulnerabilities

Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

Issued by: Security Week

Cybersecurity firm ESET reported in February that billions of Wi-Fi-capable devices may have been at one point affected by a vulnerability that could have been exploited to obtain sensitive information from wireless communications. The security hole, named Kr00k and tracked as CVE-2019-15126, caused affected devices to use an all-zero encryption key to encrypt some of…

Vulnerabilities

TeamViewer flaw could be exploited to crack users’ password

Issued by: Help Net Security

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. About TeamViewer TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry…