Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole aboundJanuary 19, 2020
Here’s an overview of some of last week’s most interesting news and articles:
Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking
A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.
High-risk Google account owners can now use their iPhone as a security key
Google users who opt for the Advanced Protection Program (APP) to secure their accounts are now able to use their iPhone as a security key.
Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing
With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day.
Kubernetes bug bounty program open to anyone, rewards up to $10,000
The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Offered bug bounties range between $100 to $10,000.
Transact with trust: Improving efficiencies and securing data with APIs
As with any business strategy there are risks, and integration technologies must be used wisely. This rings particularly true when customer data is involved. So, how can organizations reap the rewards of APIs while ensuring consumer data is secure?
Facebook users will be notified when their credentials are used for third-party app logins
Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account.
Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks.
A case for establishing a common weakness enumeration for hardware security
As modern computer systems become more complex and interconnected, we are seeing more vulnerabilities than ever before. As attacks become more pervasive and sophisticated, they are often progressing past the software layer and compromising hardware. As a response, the industry has been working to deliver microarchitectural improvements and today, implementing hardware-based security is widely recognized as a best practice.
January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA
As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the “star of the show” is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications.
Cyber attackers turn to business disruption as primary attack objective
Over the course of 2019, 36% of the incidents that CrowdStrike investigated were most often caused by ransomware, destructive malware or denial of service attacks, revealing that business disruption…