June 2021 - Page 4 of 5 - Cyber Security Minute

Canada Privacy Watchdog Slams Police Use of Facial Recognition Tool

Issued by: Security Week

In a report to lawmakers, privacy commissioner Daniel Therrien said Clearview AI‘s collection of images without consent and the Royal Canadian Mounted Police (RCMP)’s use of that database were illegal. The software startup has stockpiled more than three billion images grabbed from popular social media platforms including Facebook, Instagram, Twitter and YouTube, as well as millions…

Vulnerabilities

Google Patches Chrome Zero-Day Used by Commercial Exploit Company

Issued by: Security Week

Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux. The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and…

Network Security

Honeywell Launches OT Cybersecurity Monitoring and Response Service

Issued by: Security Week

The new service, named Advanced Monitoring and Incident Response (AMIR), is part of Honeywell’s Forge managed security services offering. It’s designed to help security teams detect and respond to attacks targeting industrial control systems (ICS) and operational technology (OT) networks. Honeywell says AMIR is designed to continuously monitor OT environments for suspicious events. It collects…

Vulnerabilities

Intel Releases 29 Advisories to Describe 73 Vulnerabilities Affecting Its Products

Issued by: Security Week

According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program. The newly addressed issues represent more than half of the 132 potential vulnerabilities the company patched since the beginning of 2021 — 56 of them in graphics, networking, and Bluetooth components. The most severe…

Malware & Threats

Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning

Issued by: Security Week

Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk. Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without…

Vulnerabilities

WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes

Issued by: Security Week

The vulnerabilities were found in the WAGO PFC200 programmable logic controller (PLC) and they have been patched by the vendor. One of flaws, tracked as CVE-2021-21001 and rated critical severity, has been described as a path traversal issue related to a CODESYS component used by the device. It allows an authenticated attacker with network access…

Vulnerabilities

CISA Announces Vulnerability Disclosure Policy Platform

Issued by: Security Week

Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems. The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all…

Malware & Threats

Russian Hackers Use New ‘SkinnyBoy’ Malware in Attacks on Military, Government Orgs

Issued by: Security Week

Active since at least 2007 and also tracked as Fancy Bear, Pawn Storm, Sednit, Strontium, and Tsar Team, APT28 is well known for its cyber-espionage operations targeting the 2016 Presidential elections in the United States, but is also associated with attacks on NATO countries and with activities against organizations in the energy and transportation sectors….

Application Security

New Google Tool Helps Developers Visualize Dependencies of Open Source Projects

Issued by: Security Week

In an effort to help developers gain a better perspective into the packages their open-source projects rely on, Google has introduced Open Source Insights, an exploratory visualization site that offers a view of dependencies, in an organized and accessible way. One of the main issues that Open Source Insights aims to address is related to…

Malware & Threats

White House urges private sector to enhance their ransomware defenses

Issued by: Help Net Security

In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat. The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by…