privacy Archives - Page 7 of 26 - Cyber Security Minute

Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft

Issued by: Security Week

The missing mitigation was flagged by Microsoft in a post mortem of last month’s zero-day attack that hit businesses using the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products. Microsoft originally shipped the mitigation — called ASLR (Address Space Layout Randomization) in Windows Vista back in 2006 as part of a larger plan…

Software Security

Adobe Plugs Critical Photoshop Security Flaws

Issued by: Security Week

The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software’s automatic updating mechanism. Adobe described the vulnerabilities as memory corruption issues with 7.8 CVSS scores. The company also shipped…

Software Security

Microsoft Launches JIT-Free ‘Super Duper Secure Mode’ Edge Browser Experiment

Issued by: Security Week

The plan is to create a provocatively named “Super Duper Secure Mode” in Edge that deliberately disables support for the browser’s JavaScript JIT (Just-in-Time) compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test — available in Edge preview builds for select users — essentially rips out JIT, a feature that…

Application Security

Google Patches High-Risk Android Security Flaws

Issued by: Security Week

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…

Application Security

Firefox 90 Drops Support for FTP Protocol

Issued by: Security Week

Built on a client-server model architecture and in use for roughly five decades, FTP allows for the easy transfer of files and folders between computers. However, because data is transmitted unencrypted, the protocol has long been considered insecure. Secure variants do exist, including one that leverages SSL/TLS (FTPS), or the SSH File Transfer Protocol (SFTP)….

Cloud Security

Microsoft Acquires Cloud Security Start-up CloudKnox

Issued by: Security Week

The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data. Financial terms of the deal were not disclosed. CloudKnox, based in Sunnyvale, Calif., raised a total of $22.8 million in venture capital investments since its…

Application Security

Google Rolling Out Security Update for Google Drive

Issued by: Security Week

With this update, the search advertising giant is adding a resource key to sharing links, which will impact access to the files for those users who haven’t yet viewed the files. “Once the update has been applied to a file, users who haven’t viewed the file before will have to use a URL containing the…

Network Security

Mitre Adds D3FEND Countermeasures to ATT&CK Framework

Issued by: Security Week

The project, called D3FEND, is available through the non-profit Mitre Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality. Mitre described D3FEND as an “early stage experimental research project”…

Software Security

Google Offers UK Watchdog Role in Browser Cookie Phase-Out

Issued by: Security Week

The U.K. competition watchdog has been investigating Google’s proposals to remove so-called third-party cookies over concerns they would undermine digital ad competition and entrench the company’s market power. To address the concerns, Google on Friday offered a set of commitments including giving the Competition and Markets Authority an oversight role as the company designs and…