Week in review: UN hacked, new Kali Linux release, Win7 upgrade dilemma

Here’s an overview of some of last week’s most interesting news and articles:

Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more!
Offensive Security have released Kali Linux 2020.1, which is available for immediate download.

You can upgrade Windows 7 for free! Why wouldn’t you?
Windows 7 has been Microsoft’s most successful operating system and, it’s safe to say, one of the most loved. Lessons learned from Windows XP, and especially Vista, allowed Microsoft to build a stable operating system that only required one Service Pack, despite being in use for over 10 years. However, nothing lasts forever, and with Windows 7 end-of-support originally announced way back in 2015, the end ultimately arrived on January 14, 2020.

Most AV vendors will continue to support their products under Windows 7
Earlier this month, Windows 7 – the most beloved Windows version up to date – has reached end-of-support. Businesses of all sizes can still pay to receive extended security updates (ESUs) to keep their systems secure while they plan their upgrade, but home users don’t have that option.

Magento patches critical code execution vulnerabilities, upgrade ASAP!
Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution.

How industries are evolving their DevOps and security practices
There’s significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet’s report based on nearly 3,000 responses.

UN hacked: Attackers got in via SharePoint vulnerability
In summer 2019, hackers broke into over 40 (and possibly more) UN servers in offices in Geneva and Vienna and downloaded “sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN,” The New Humanitarian reported on Wednesday.

Photos: Cybertech Global Tel Aviv 2020
Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world. Help Net Security is on-site this year, and here’s a look at the event.

How to detect and prevent issues with vulnerable LoRaWAN networks
IOActive researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security issues that could put network users at risk of attack. Such attacks could cause widespread disruption or in extreme cases even put lives at risk.

Researchers develop new optical stealth encryption technology
The first all optical stealth encryption technology that will be significantly more secure and private for highly sensitive cloud-computing and data center network transmission, has been introduced by BGN Technologies.

Make your own security key with Google’s OpenSK
Google has open-sourced OpenSK, firmware that, combined with an affordable chip dongle, allows you to make your own security key to use for authentication purposes.

Microsoft invites gamers and researchers to new Xbox bug bounty program
Gamers, security researchers, and technologists have been invited to identify security vulnerabilities in Xbox network and services and report them to Microsoft. Bounty rewards will range from $500 to $20,000 USD.

Critical RCE flaw in OpenSMTPD, patch available
Qualys researchers have discovered a critical vulnerability (CVE-2020-7247) in OpenBSD’s OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root.

Top 10 policy trends to watch for globally in 2020
The 10 top trends that will drive the most significant technological upheavals this year have been identified by Access Partnership.

93% of attempted mobile transactions in 2019 were fraudulent
Fraudsters appear to target some app categories more than others. Ironically, apps designed to make a device function better and make everyday life easier are the ones most likely to be harmful.

Are businesses prepared for an extinction-level cyber event?
In an era of technological transformation and cyber everywhere, the attack surface is exponentially growing as cyber criminals attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to enterprise-wide destructive cyberattacks, a Deloitte survey reveals.

52% of companies use cloud services that have experienced a breach
Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey.

Data breach: Why it’s time to adopt a risk-based approach to cybersecurity
With cybercriminals representing a persistent risk to enterprise wellbeing, it’s little wonder that CEOs, CFOs, CISOs and CIOs now view cybersecurity as a top priority.

Security risks for e-scooters and riders exposed
A research out of UTSA finds e-scooters have risks beyond the perils of potential collisions. Computer science experts at UTSA have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

2019 saw more data breaches, fewer sensitive records exposed
According to a new Identity Theft Resource Center report, the number of U.S. data breaches tracked in 2019 (1,473) increased 17 percent from the total number of breaches reported in 2018 (1,257). However, 2019 saw 164,683,455 sensitive records exposed, a 65 percent decrease from 2018 (471,225,862). The 2018 Marriott data breach exposed 383 million records alone, significantly skewing the data.

2020: A year of deepfakes and deep deception
Over the past year, deepfakes, a machine learning model that is used to create realistic yet fake or manipulated audio and video, started making headlines as a major emerging cyber threat. The first examples of deepfakes seen by the general public were mainly amateur videos created using free deepfake tools, typically of celebrities’ faces superimposed into pornographic videos.

Recommendations for navigating the dynamic cybercrime landscape
In this interview, Mark Sangster, VP & Industry Security Strategist at eSentire, talks about the most pressing issues CISOs are dealing with in today’s fast-paced threat environment.

How to prioritize IT security projects
If you’re an IT security professional, you’re almost certainly familiar with that sinking feeling you experience when presented with an overwhelming number of security issues to remediate. It’s enough to make you throw your hands up and wonder where to even begin.

New infosec products of the week: January 31, 2020
A rundown of the most important infosec products released last week.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss