Academics: Russia deployed new technology to throttle Twitter’s traffic
The Russian government appears to be using new technology to censor internet traffic inside its borders, a group of academics studying internet censorship across the globe said in a report published today.
SAP systems usually come under attack 72 hours after a patch
Companies that run on-premises SAP systems usually come under attack 72 hours after security patches are released, SAP and enterprise security company Onapsis said in a joint security alert published today.
Cloudflare says new hCaptcha bypass doesn’t impact its implementation
Web infrastructure and website security provider Cloudflare told The Record last week that a recent academic paper detailing a method to bypass the hCaptcha image-based challenge system does not impact its implementation.
Phone numbers for 533 million Facebook users leaked on hacking forum
A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum.
GitHub investigating crypto-mining campaign abusing its server infrastructure
Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company’s servers for illicit crypto-mining operations, a spokesperson told The Record today.
AMD Zen 3 CPUs vulnerable to Spectre-like attacks via PSF feature
US chipmaker AMD advised customers last week to disable a new performance feature if they plan to use CPUs for sensitive operations, as this feature is vulnerable to Spectre-like side-channel attacks.
Google to restrict Android apps from viewing other apps installed on the same device
Google has announced plans today to restrict the ability of Android apps from seeing what other applications are installed on the same device, citing privacy and security reasons.
Ubiquiti confirms it was the target of an extortion attempt, but nothing more
Networking equipment and IoT device vendor Ubiquiti Networks released a statement late last night confirming some of the details exposed
DHS chief lays out a cybersecurity vision with a focus on ransomware and infrastructure
The top official at the Department of Homeland Security announced today a series of 60-day cybersecurity-focused “sprints” aimed at focusing the department’s efforts on ransomware, industrial control systems, and other priorities. Alejandro Mayorkas, who was sworn in as DHS Secretary last month, said during a virtual talk hosted by the RSA Conference that his department is working on a proposal for a “Cyber Response and Recovery Fund” to provide assistance to state, local, tribal and territorial governments dealing with cyberattacks….
IETF officially deprecates TLS 1.0 and TLS 1.1
The Internet Engineering Task Force has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols on the grounds of security after several attacks were discovered over the past years that put encrypted internet communications relying on the two protocols at risk.