Nightfall InfoSec Roundup: February 17 to February 24

Exploits & Vulnerabilities


PayPal ‘Critical’ Login Hack: New Report Warns You Are At Risk From Thieves - Here’s The Reality

It has been a tough few weeks for online payments giant PayPal. First came the confirmation that an authentication hack would enable an attacker to access an account once credentials had been phished, and now another security report claims the entire authentication process can be bypassed.




Google Chrome 80 Security Warning: U.S. Government Says Update Again

The Cybersecurity and Infrastructure Security Agency is encouraging Google users to update again just weeks after the Chrome 80 release. Here's what you need to know. Earlier this month, version 80 of the Google Chrome browser was released. A release that caused something of an immediate kerfuffle with warnings that cookie changes could break stuff, and even potential new privacy concerns.




Google Is Letting People Find Invites to Some Private WhatsApp Groups

Google is indexing invite links to WhatsApp group chats whose administrators may want to be private. This means with a simple search, random people can discover and join a wide range of WhatsApp group chats. “Your WhatsApp groups may not be as secure as you think they are,” Jordan Wildon, a multimedia journalist for German outlet Deutsche Welle, tweeted on Friday.




7 of the World’s Top 10 Open Source Packages Come with This Warning

Of the world’s top 10 most-used open source packages, seven are hosted on individual developer accounts, the Linux Foundation’s Core Infrastructure Initiative has warned: “For legal, bureaucratic, and security reasons, individual developer accounts have fewer protections associated with them than organizational accounts in a majority of cases.”




Three API security risks in the wake of the Facebook breach

Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personally identifiable information. A “View As” feature that enabled developers to render user pages also let attackers obtain the user’s access token.




Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet.



Ongoing Risks & Threats


The State of Cybersecurity in 2020: Five Key Trends

As technology and the Internet have evolved dramatically over the past decade, so too have both the occurrence and potential impact of cyberthreats. We believe there are five key trends that will shape the cybersecurity industry in 2020. Here’s a closer look at them, as well as what organizations can do to better protect themselves.




Municipal Cyberattacks Put Us All at Risk: What Can We Learn From Previous Attacks?

2019 was a tough year for the overall cybersecurity of state and local governments and municipal institutions. If you follow security news, there were times when not a week would go by without word of how the latest municipal cyberattacks impeded or even halted day-to-day operations.




High-risk vulnerabilities and public cloud-based attacks on the rise

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index.




Is your IT partner your biggest cybersecurity threat?

Numerous accounts of IT service provider and MSP breaches are now being reported worldwide, and once the IT service provider is breached, so are their clients' networks. Think about the access your IT service provider has to your systems, the passwords they hold, the direct access they have to your servers, systems, cloud platforms and data.


