Cyber Security News November 2020

This posting is here to collect cyber security news November 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

cybergedeon_flame_color

58 Comments

  1. Tomi Engdahl says:

    RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
    https://www.tau.ac.il/~tromer/acoustic/

    Reply
  2. Tomi Engdahl says:

    Google Chrome Update Gets Serious: Homeland Security (CISA) Confirms Attacks Underway
    https://www.forbes.com/sites/daveywinder/2020/11/15/google-chrome-update-gets-serious-homeland-security-cisa-confirms-attacks-underway/

    Within the space of just three short weeks, Google has patched no less than five potentially dangerous vulnerabilities in the Chrome web browser.

    These are not your common vulnerabilities either, but rather ones known as zero-days. A zero-day being a vulnerability that is being actively exploited by attackers while remaining unknown to the vendor or threat intelligence outfits.

    Once the vendor becomes aware of the security flaw, day zero, it can start to mitigate against exploitation but not before. The attackers, therefore, have a head start.

    Reply
  3. Tomi Engdahl says:

    Microsoft Confirms Serious Windows 10 Password Problem—Here’s The 5 Step Fix
    https://www.forbes.com/sites/daveywinder/2020/11/14/microsoft-confirms-serious-windows-10-password-problem-heres-the-5-step-fix/

    Windows 10 can’t remember passwords for some users, Microsoft has confirmed. Here’s the 5 step workaround.

    Windows 10 users have complained about apps, including Outlook, OneDrive, Chrome and Edge, forgetting their passwords since the May 2020 update. That update to Windows 10 2004 happened back in April, yet the password problem still remains.

    Reply
  4. Tomi Engdahl says:

    COVIDSafe data ‘incidentally’ collected by intelligence agencies in first six months
    By Justin Hendry on Nov 23, 2020 5:45PM
    https://www.itnews.com.au/news/covidsafe-data-incidentally-collected-by-intelligence-agencies-in-first-six-months-558129

    But not decrypted, access or used, IGIS says.
    One or more of Australia’s key intelligence and security agencies “incidentally” collected data relating to the COVIDSafe contact tracing app in its first six months of operation.

    But there is no evidence to suggest that any of the data was decrypted, accessed or used, the Inspector-General of Intelligence and Security (IGIS) has found.

    Under the Privacy Act, agencies that incidentally collect COVIDSafe app data during a “lawful collection of information” are required to delete it “as soon as practicable”.

    IGIS is now planning to independently verify that COVIDSafe app data has been “deleted as soon as practicable after an agency becomes aware that it has been collected” over the next six months.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*