Security

Android 13 Tries to Make Privacy and Security a No-Brainer

posted on May 11, 2022
by l33tdawg
Credit: Wired

For years, Android’s security and privacy teams have been wrestling the world’s most popular mobile operating system to make it more controllable and updatable while still being open source and easy to deploy. And while scams, malware, and rogue apps are still real threats, the debut of Android 13 at Google’s I/O developer conference on Wednesday feels less like triage mode and more like a logical iteration. As Charmaine D'Silva, Android’s director of product management, puts it, “This is the release where we bring it all together.”

How Apple, Google, and Microsoft will kill passwords and phishing in one stroke

posted on May 8, 2022
by l33tdawg
Credit: Ars Technica

For more than a decade, we’ve been promised that a world without passwords is just around the corner, and yet year after year, this security nirvana proves out of reach. Now, for the first time, a workable form of passwordless authentication is about to become available to the masses in the form of a standard adopted by Apple, Google, and Microsoft that allows for cross-platform and cross-service passkeys.

GitHub to Developers: Turn on 2FA, or Lose Access

posted on May 4, 2022
by l33tdawg
Credit: Dark Reading

Security experts have been banging the multifactor authentication drum for years, encouraging users to move away from just relying on the username/password combination to secure their most sensitive accounts. Now GitHub is done with encouraging: By the end of 2023, all users who contribute code to GitHub-hosted repositories must have one or more forms of two-factor authentication enabled, the company says.

Critical bugs found in Cisco Enterprise NFV software

posted on May 4, 2022
by l33tdawg
Credit: Reuters

Administrators need to patch their Cisco Enterprise Network Function Virtualisation Infrastructure Software (NFVIS) to address several critical flaws, rated as 9.9 out of 10 on the Common Vulnerability Scoring System (CVSS).

In its advisory, Cisco said the vulnerabilities could allow an attacker to escape from guest virtual machines to the host server. Attackers could also inject commands as the root superuser, and leak system data from the host server to the virtual machine.

Mandiant: Attackers' Median Dwell Time Drops to 3 Weeks

posted on April 28, 2022
by l33tdawg
Credit: Gov Infosecurity

The median number of days an attacker dwells in a system before detection fell from 24 days in 2020 to 21 days in 2021, according to the M-Trends 2022 report by cybersecurity company Mandiant. The biggest year-on-year decline in median dwell time occurred in the APAC region, where it dropped from 76 days in 2020 to 21 days in 2021.

Researchers Report Critical RCE Vulnerability in Google's VirusTotal Platform

posted on April 25, 2022
by l33tdawg
Credit: THN

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE).

The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News.