November 2020 - Page 4 of 5 - Cyber Security Minute

Routers, NAS Devices, TVs Hacked at Pwn2Own Tokyo 2020

Issued by: Security Week

Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro’s ZDI from Toronto, Canada, with participants demonstrating their exploits remotely. Organizers have offered significant prizes for exploits targeting a wide range of mobile and IoT devices, but participants have only focused on…

Network Security

What’s stopping job seekers from considering a career in cybersecurity?

Issued by: Help Net Security

he cybersecurity industry no longer has an image problem, but many things are still stopping individuals from considering a career in cybersecurity: a high cost of entry (the need for more education /certification / technical knowledge / training), the inability to code and the perception of the field as too intimidating. In addition to this,…

Vulnerabilities

How fake news detectors can be manipulated

Issued by: Help Net Security

Fake news detectors, which have been deployed by social media platforms like Twitter and Facebook to add warnings to misleading posts, have traditionally flagged online articles as false based on the story’s headline or content. However, recent approaches have considered other signals, such as network features and user engagements, in addition to the story’s content…

Malware & Threats

In Q2 2020, there was an average of 419 new threats per minute

Issued by: Help Net Security

McAfee released a report examining cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020. During this period, there was an average of 419 new threats per minute as overall new malware samples grew by 11.5%. A significant proliferation in malicious Donoff Microsoft Office documents attacks propelled new PowerShell malware up…

Vulnerabilities

Quantum computers: How to prepare for this great threat to information security

Issued by: Help Net Security

The race is on to build the world’s first reliable and truly useful quantum computer, and the finish line is closer than you might think – we might even reach it this decade. It’s an exciting prospect, particularly as these super-powerful machines offer huge potential to almost every industry, from drug development to electric-vehicle battery…

Vulnerabilities

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

Issued by: Security Week

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script. The vulnerability is related to…

Vulnerabilities

How to buy Bitcoin for ransomware payment (if you must)

Issued by: CSO

Law enforcement agencies across the world advise companies that are victims of ransomware attacks not to pay the ransom. Aside from the risk of criminals taking the money and running, paying encouraging further attacks and potentially could be illegal depending on where the money is being sent. The US Treasury Department’s Office of Foreign Assets…

Vulnerabilities

How do I select a compliance solution for my business?

Issued by: Help Net Security

A recent survey revealed that, on average, organizations must comply with 13 different IT security and/or privacy regulations and spend $3.5 million annually on compliance activities, with compliance audits consuming 58 working days each quarter. As more regulations come into existence and more organizations migrate their critical systems, applications and infrastructure to the cloud, the…

Software Security

Review: Specops Password Policy

Issued by: Help Net Security

Specops Password Policy is a powerful tool for overcoming the limitations of the default password policies present in Microsoft Active Directory environments. To be fair, Microsoft did revise and upgrade the default password policy and introduced additional, granular fine-tuning options over the years, but for some enterprise environments that’s still not enough, so Specops Password…

Network Security

NAT Slipstreaming: Visiting Malicious Site Can Expose Local Network Services to Remote Attacks

Issued by: Security Week

Dubbed NAT Slipstreaming, the attack can be triggered when the victim visits a specially crafted website, exploiting the browser and Application Level Gateway (ALG), a connection tracking mechanism present in firewalls, NATs, and routers. According to the researcher, the attack chains “internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation…