Microsoft releases patch for Windows zero-day flaw found by Google


Last month, security researchers at Google's Project Zero released details of a zero-day vulnerability in Windows that was being actively exploited.
Hackers were taking advantage of a Windows Kernel Cryptography Driver security flaw (CVE-2020-117087) to gain elevated privileges in Windows 7, 8, and 10, as well as Windows Server 2008 and higher. As part of yesterday's Patch Tuesday release, Microsoft has now issued a fix for the vulnerability.
Europeans don't trust US tech giants with their data


A new study reveals that 82 percent of Europeans don't trust US tech giants with their personal files, despite increasing reliance on cloud services due to COVID-19.
The survey of 4,500 people across the UK, France and Germany, conducted by pCloud, one of Europe's fastest-growing file-sharing and cloud storage providers, finds the biggest concerns are personal data being used for commercial gain (51 percent) and the possibility of hacks (43 percent).
Dreaming of an insecure Christmas


What do you want for Christmas? How about a coffee maker that can eavesdrop on your conversations, or a fitness tracker that can analyze the tone of your voice?
The fourth-annual Privacy Not Included holiday shopping guide from Mozilla aims to arm shoppers with the information they need to choose gifts that protect the privacy and security of their friends and family while spurring the tech industry to do more to safeguard consumers.
Shift to remote work drives overhaul of enterprise access technology


This year's massive and sudden shift to remote working has boosted the adoption of cloud technology and the security implications of this transition will reverberate for years to come, according to the latest Trusted Access report from Cisco company Duo Security.
Daily authentications to cloud applications surged 40 percent during the first few months of the pandemic, the bulk of these coming from enterprise and mid-sized organizations looking to ensure secure access to services.
DDoS attacks become smarter and easier to carry out


Although ransomware has dominated 2020's cyber threat landscape, DDoS attacks haven’t gone away. In fact the year has seen the largest DDoS attack ever recorded, peaking at 2.3 Terabytes per second.
The attack was carried out by deploying hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and caused three days of downtime for the unnamed targeted business. This is one of the things highlighted in new analysis from Digital Shadows.
Delivering value to a remote workforce: A practical approach


The overnight switch to remote working triggered by the COVID-19 pandemic has caused an unprecedented amount of change to the usual ways of working. The impact will continue to be felt for the foreseeable future -- and as a result, IT departments’ approach to delivering services to their organizations will need to keep pace with the evolving requirements of this newly remote staff.
To that end, IT needs to embed itself deeper in the organization to understand the unique requirements of every single stakeholder -- be it the C-suite or the manager answering the customer call -- so that those professionals can do their jobs effectively, enabling the business to realize its strategic goals. In practical terms, what does this mean? How can IT departments put these tactics into practice in their enterprises?
Redefining Security post-pandemic: Empowering change control in the new normal


Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape. Now, more than ever, it is increasingly important for organizations to embed security solutions and processes that reduce complexity and massively increase the automation of killer manual tasks.
Last month, our team at New Net Technologies had the opportunity to host a virtual panel on securing digital transformation and what COVID-19 means for cybersecurity as we continue to navigate the growing remote workforce. The panel, which consisted of several security experts, focused on the topic of redefining security in a post-pandemic world. The session kicked off with the question, 'Have you noticed a more compliant workforce?'.
The rise of the shopping bot and what it means for security teams [Q&A]


If you've ever tried to order a recently released tech product, like a new game console or the latest hot graphics card, only to find it's sold out, you've no doubt felt frustrated. It's even more frustrating when the product then appears on secondary market sites at many times the original price.
What you're seeing here is probably the action of automated shopping bots that scoop up products for resale at a profit. Is this a form of cyber attack or is it just rather shady commercial activity? We spoke to Ameya Talwalker, co-founder of Cequence Security, to find out more about the behavior of these bots and what can be done to curb their activity.
CISOs look for flexibility to manage new security challenges


A new survey of UK CISOs by cybersecurity company F-Secure looks at how IT decision makers are adapting to a fast-changing landscape.
With more people working remotely, budgets are being moved around to allow businesses to cope with new ways of working and the resulting security vulnerabilities, and 13 percent of respondents say that budgets are going to increase as a direct response to the challenges presented by the pandemic.
Microsoft may have dropped Office 2010 but 0patch will still offer security patches


We have written about the micropatching outfit 0patch several times here on BetaNews. Offering "security patching simplified to the extreme", 0patch has previously offered security fixes for problems with Internet Explorer and Windows 7 either before Microsoft has been able to do so, or after the company has stopped offering support for a particular product.
Now 0patch has done it again, announcing that it has "security adopted" Office 2010. This version of Microsoft's iconic office suite is -- as of October -- no longer officially supported, but 0patch says that it will help keep users secured against vulnerabilities with its micropatches.
Getting real about ransomware [Q&A]


For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.
To understand how companies should respond when they discover they're in the grip of a ransomware threat actor, we spoke with Kurtis Minder, CEO and co-founder of GroupSense, which helps companies navigate through these attacks to get their businesses back online.
Network access to over 7,000 organizations for sale on hacker forums


Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.
An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.
Hackers exploit business VoIP system vulnerability


Researchers at Check Point have uncovered a fraud operation targeting more than 1,200 business VoIP phone systems worldwide.
Hackers are exploiting vulnerabilities in the popular Sangoma and Asterisk VoIP phone systems to gain control of the system. They then seek to monetize that access by selling auto-generated calls and forcing systems to call premium numbers owned by the hackers to collect revenues, without the targeted business being aware.
Consumers overconfident of their connected device security


A new study from the National Cyber Security Alliance (NCSA) into perception and behavior around connected device security reveals that most US consumers are confident that the connected devices they own are secure.
However, the survey of 1,000 respondents in two age groups (500 aged 18-34 and 500 aged 50-75) reveals this confidence may be misplaced, along with some interesting generation gaps.
Google issues patches for two serious Chrome zero-day vulnerabilities


Google's Project Zero is very quick to point out security flaws in other companies' products, but the search giant is far from being perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.
CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws respectively and affect both the desktop and Android versions of Google's web browser.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.