August 2020

Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.   Most criminal activity is designed to elicit a payoff for the perpetrator, and crime on the Internet is no different. As new surfaces emerge, previous attacks are reconstituted and applied. Cybersecurity tends to follow a cycle, once you know when and what to look for. To (poorly) paraphrase...

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants.   Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "an attacker...

A high percentage of discovered bugs remain unremediated for a long time, a new study shows.   Chances are high that almost every single application an organisation uses has at least one security vulnerability in it.   Contrast Security recently analysed telemetry gathered between June 2019 and May 2020 from applications in development, testing, and operations at customer locations. The exercise found 96% of applications contained at least one...

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.   The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM, found that DJI's Go 4 Android app not only asks...

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.   By the way, if someone is still using Windows 7, they deserve to get hacked, including many organisations without extended support, because it's only a matter of time before they'll be a victim of...

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.   The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application...

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.   A new buzzword invading the marketing materials of cybersecurity vendors is Standing for Secure Access Service Edge (SASE). The term, coined by Gartner, refers to a technology trend in support of cloud-based applications and remote working, in which networking and security functionality converge...