From gbhackers.com
Cisco warns of high severity flaw Cisco Discovery Protocol implementation for Cisco IOS XR Software that allows attackers to execute arbitrary code on the affected device.
Cisco IOS XR is a modern network OS to simplify your network with a flexible, modular design that uses less memory, boots up faster, and can be loaded into a core or access-level device.
From securityboulevard.com
The proliferation of IoT devices, particularly in the workplace, has left businesses with a new set of security challenges to deal with. For any company considering investing in IoT devices, it is important to understand the nature of these challenges and how to address them.
One of the biggest challenges to enterprise IoT adoption is shadow IT. Normally, an organization’s IT department must authenticate and maintain comprehensive visibility over all devices connected to the network. In addition, the large amount of unstructured data that these devices collect broadens the attack surface in the absence of reliable analysis and interpretation.
IoT devices are notorious for data privacy issues, which may serve as an avenue for social engineering and phishing attacks against employees. Other major challenges of IoT devices to enterprise security include ambiguous standards for security and a general lack of security hygiene.
From securityweek.com
Sweden is banning Chinese tech companies Huawei and ZTE from building new high-speed wireless networks after a top security official called China one of the country’s biggest threats.
The Swedish telecom regulator said Tuesday that four wireless carriers bidding for frequencies in an upcoming spectrum auction for the new 5G networks must not use equipment from Huawei or ZTE.
Wireless carriers that plan to use existing telecommunications infrastructure for 5G networks must also rip out any existing gear from Huawei or ZTE, the Swedish Post and Telecom Authority said.
The agency said the conditions were based on assessments by the Swedish military and security service. Huawei said it was “surprised and disappointed” by the rules.
From hotforsecurity.bitdefender.com
Cybercriminals register fake US Census Bureau domains to dupe unsuspecting citizens to provide personal information and install malware, the FBI warns.
In a flash alert published in coordination with the federal government statistical agency, the FBI notes that they have observed around 63 domains impersonating the US Census Bureau.
From securityboulevard.com
he latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this cybersecurity report will be out sometime next year. Let us have a look at the current state of web application security based on Acunetix research (the 2020 Acunetix Web Application Vulnerability Report) and market observation, see how it aligns with the latest OWASP Top 10, and forecast what it may mean for OWASP Top 10 2021.
From techradar.com
The massive Twitter hack that took place back in July came about due to stolen VPN credentials. It has now been revealed that Twitter employees were tricked into handing over their account details by hackers that had managed to create a site that looked identical to the genuine VPN login page.
The hackers telephoned members of staff claiming to be from the social network’s IT department before asking for the relevant credentials. Such claims were believed because VPN issues were commonplace at the time.
The hack made headlines all over the world, with the accounts of high-profile Twitter users – including Barack Obama and Elon Musk – compromised. Many profiles were used to promote a Bitcoin scam.
From threatpost.com
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location.
Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track the specific movements of nearby drivers in real time and even identify exactly who they are, he revealed in a blog post on his research website, “malgregator.”
Waze uses crowd-sourced info aimed at warning drivers about obstacles that may be in their way of an easy commute–such as traffic congestion, construction, accidents and the like—and then suggests alternative and faster routes around these obstacles. The apps also displays the location of other drivers in close proximity as well as their GPS locations.