Security News, Features, and Interviews

• Cisco directs high priority patches for IP phone security exposures

  Cisco has advised customers using its 7800 and 8800 series IP phones they should patch a variety of high-priority vulnerabilities.

• Quantum computing will break encryption in a few years

  Quantum technology’s set to make public-key infrastructure obsolete before too long, but it might also keep your data secure.

• VMware firewall takes aim at defending apps in data centre, cloud

  VMware has taken the wraps off a firewall​ it says protects enterprise applications and data inside data centers​ or clouds.

• What is Cryptojacking?

  'Cryptojacking' is a term used to describe the action of secretly using a computer to mine cryptocurrency.

• WebAuthn: What you need to know about the future of the passwordless Web

  Hate passwords? We all do. So Microsoft, Google, and other browser makers have made WebAuthn to replace passwords with your fingerprint and facial recognition.

• Cisco uncorks 26 security patches for switches, firewalls

  Cisco is patching holes in software for Nexus 3000, 3500, 7000, 9000 switches and for Firepower 4100 Series next-generation firewall and Firepower 9300.

• Malicious URLs now rampant: study

  Malicious URLs are now rampant problem according to a study which found they are contained in an average of one in every 61 emails.

• One in three organisations suffered data breaches due to mobile devices

  New Verizon report shows a big gap between organisations' mobile security risk concerns and mobile security best practices they implement.

• What is shadow IoT? How to mitigate the risk

  When someone in your organization starts using internet-connected devices without IT’s knowledge, that’s shadow IoT. Here's what you need to know about its growing risk.

• Cisco warns a critical patch is needed for a remote access firewall, VPN and router

  Cisco is warning organisations with remote users that have deployed a particular Cisco wireless firewall, VPN and router to patch a critical vulnerability in each.

• ICANN urges adopting DNSSEC - now

  Continuing attacks on directory name services have prompted ICANN to prompt enterprise DNS uses to push their suppliers for DNSSEC services to block some of these attacks that can compromise corporate data.

• Get ready for the age of sensor panic

  Cameras, microphones and other sensors are showing up everywhere. And this is just the beginning.

• Cisco warns on Hyperflex security vulnerabilities

  Cisco has identified two “High” security vulnerabilities in its HyperFlex data centre package that could let attackers gain control of the system.

• Attackers place crypto-jacking apps in Microsoft App Store

  Microsoft has removed eight applications from its app store for Windows that were mining Monero crypto-currency without users' knowledge.

• Google open sources ClusterFuzz

  Google has open sourced its software testing tool ClusterFuzz.

• Batten down the DNS hatches as attackers strike Feds

  DHS warns federal agencies of DNS attacks and offers best practices to help mitigate the situation.

• Cisco patches serious SD-WAN software security holes

  Cisco has patched security vulnerabilities in four packages of SD-WAN Solution software that address buffer overflow and other vulnerabilities

• Start-up Devvio claims its blockchain can handle 8M transactions a second

  The new blockchain protocol, Devv, was demoed at CES; backers say it outperforms other distributed ledger technologies and traditional financial networks such as VisaNet. Analysts are skeptical.

• ICANN housecleaning will revoke old DNS security key this week

  ICANN will complete the switchover this week to a new internet security key that protects DNS, the internet's address book. The old Root Key Signing Key will be decomissioned Jan. 10.

• Cisco patches a critical patch on its software license manager

  Cisco today said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries.