Top News

• Cybersecurity Risks Soar as Coronavirus Pushes More People to Work from Home

Top News

• U.S. Govt. Makes it Harder to Get .Gov Domains

"The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them."

Link

TLP¹ : Green

Top News

• Malware campaign employs fake security certificate updates

"Crooks are using a new phishing technique to trick victims into accepting the installation of a security certificate update and deliver malware."

Link

TLP¹ : Green

Top News

• Cisco addresses high severity RCE flaws in Webex Player

"Cisco has released security updates to fix multiple vulnerabilities in various products, including two remote code execution flaws in Webex Player. "

Link

TLP¹ : Green

Top News

• Brave comes out on top in browser privacy study

"By contrast, two web browsers share identifiers that are tied to the device hardware and so persist even across fresh installs "

Link

TLP¹ : Green

Top News

• 10-Year Old Facebook OAuth Framework Flaw Discovered

"A researcher has found a serious vulnerability in the Facebook platform that could allow hijacking anyone’s Facebook account. For discovering this OAuth Framework flaw, Facebook awarded a hefty bug bounty to the researcher."

Link

TLP1 : Green

Top News

• Firefox Enables DNS over HTTPS by Default in the United States

"Mozilla is turning on DNS over HTTPS by default for users in the United States and is making it available for users throughout the rest of the world if they choose it. The goal is to make it more difficult for Internet service providers (ISP) and other interested third parties to know what websites people access."

Link

Top News

• Hackers share SQL databases from unsecured AWS buckets, including the archive belonging to the BGR tech news site in India

"Hackers are sharing SQL databases from unsecured Amazon S3 buckets, one of them belongs to the BGR tech news site in India."

Link

TLP¹ : Green

Top News

• Billions of Devices Open to Wi-Fi Eavesdropping Attacks

"The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others."

Link

TLP¹ : Green

Top News

• CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys

"This most recent Patch Tuesday, Microsoft released an Important-rated patch to address a remote code execution bug in Microsoft Exchange Server. This vulnerability was reported to us by an anonymous researcher and affects all supported versions of Microsoft Exchange Server up until the recent patch."