Tuesday, March 31, 2020

Huawei’s Worrying New China Problem Just Got Worse: Here’s Why

Huawei used its 2019 results to threaten retaliation against the U.S. But the company now has serious problems closer to home.

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...

Zoom’s privacy problems are growing as platform explodes in popularity

Enlarge / Zoom's San Jose, Calif., headquarters looks like a lovely place to be socially distanced from. (credit: Smith Collection | Gado | Getty Images) We have several more weeks, if not several more months, to go in...
TechRepublic

FBI warns about Zoom bombing as hijackers take over school and business video conferences

Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.
ZDNet

FCC tells US telcos to implement caller ID authentication by June 30, 2021

FCC says all US telcos must use the new SHAKEN/STIR protocol to support caller ID authentication by June, next year.

Comcast waiving data caps hasn’t hurt its network—why not make it permanent?

Enlarge (credit: Aurich Lawson / Getty Images) Back in the before times, when a larger percentage of the human race roamed the Earth, i.e., several weeks ago, Comcast customers had to deal with something called a "data cap."...

Marriott Got Hacked. Yes, Again

The hotel chain has suffered its second major breach in 16 months. Here's how to find out if you're affected.

What Needs To Be In A CIO’s Communication Framework For COVID-19

CIOs are keeping the digital lifelines open for every business while enabling employees, customers, partners, and suppliers to continue working during the COVID-19 pandemic
TechRepublic

Two Exabeam employees at RSA conference who tested positive for COVID-19 are recovering

Exabeam's employees are recovering from coronavirus. Both tested positive for COVID-19 after attending RSA in San Francisco.
SecurityWeek

Internet Society Expands Program for Secure Internet Routing Framework

CDNs and Cloud Providers Join Initiative to Improve Security of Internet's Routing System Failure in internet routing security leads to major outages, stolen data, hijacking, lost revenue and more, with more than 12,000 routing outages in 2018 alone. The Mutually...

Researchers Uncover Unsophisticated – But Creative – Watering-Hole Attack

Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
SecurityWeek

Palo Alto Networks to Acquire CloudGenix for $420 Million

Palo Alto Networks on Tuesday announced that it has entered into a definitive agreement to acquire enterprise SD-WAN solutions provider CloudGenix for roughly $420 million. Palo Alto Networks’ Prisma Access solution enables organizations to protect remote networks and mobile users,...
The Register

Epic Games floats $1m bounty to ID source of ‘commercial smear’ claiming Houseparty chat app has been hacked

Lots of non-savvy users may be recycling previously hacked creds Group video chat app Houseparty has offered a $1m bounty to identify what it claims is an organised campaign to falsely depict it as a hackers' backdoor.…
TechRepublic

Keep these privacy considerations in mind when using Zoom at home for work collaboration

The platform allows a host to monitor users' activities while screen sharing, as well as access to a participant's device information and other details.
ZDNet

Marriott discloses new data breach impacting 5.2 million hotel guests

Marriott says a hacker gained access to the accounts of two employees.

Why Third-Party Risk Management Has Never Been More Important

Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
DHS

BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System

This advisory contains mitigations for a protection mechanism failure vulnerability in BD Pyxis medical devices.
DHS

Hirschmann Automation and Control HiOS and HiSecOS Products

This advisory contains mitigations for a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS software.
DHS

Mitsubishi Electric MELSEC

This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC programmable controllers.
DHS

Schneider Electric Modicon Controllers (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-20-016-01 Schneider Electric Modicon Controllers that was published January 16, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for several improper check for unusual or...
F5 Networks

BIG-IP HTTP profile vulnerability CVE-2020-5857

BIG-IP HTTP profile vulnerability CVE-2020-5857 Security Advisory Security Advisory Description Undisclosed HTTP behavior may lead to a denial of service. (CVE-2020-5857) Impact This vulnerability ...