News

The government wants to probe into the sources of inciting and provocative messages and posts which have led to violence across the nation, incidents of lynching and various other controversial issues.In order to do so, it has proposed certain guidelines that would require Whatsapp to unveil information regarding the origins of messages.As doing so will contradict the end-to-end encryption WhatsApp provides, the company will oppose the proposed regulations. It will also be violating free speech...

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC).Its Status Report , released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto , which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned.One of the recommendations made by the committee...

U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.The Senate Cybersecurity Protection Act, S. 890, would allow the SAA — which is the one responsible for the Senate’s cybersecurity — to offer opt-in cybersecurity support which...

TP-Link's SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands as disclosed on Twitter by Google security developer Matthew Garrett.Garrett disclosed the ACE 0-day after TP-Link did not provide a response during the 90 days since his report and, as he explained in the Twitter thread, the zero-day stems from the fact that "TP-Link routers frequently run a...

Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of websites across the Internet with more than 250,000 merchants using the open source e-commerce platform. The flaw, which does not have a CVE ID but internally labeled "PRODSECBUG-2198," could allow remote hackers to steal sensitive information...

A former National Security Agency contractor—who stole an enormous amount of sensitive information from the agency and then stored it at his home and car for over two decades—today changed his plea to guilty.The theft was labeled as the largest heist of classified government material in America's history.Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his top-secret security clearances to stole at least 50 terabytes of classified national defense data from...

Malicious cyber activity increased to almost half of the industrial infrastructure protected by Kaspersky Lab in 2018, but the UK is among the most secure countries, the security firm reports. Malicious activity targeting industrial control systems (ICS) affected 47.2% of computers protected by security firm Kaspersky Lab in 2018, up from 44% in 2017. Source: ComputerWeekly

Cisco acknowledged yesterday that it bungled a crucial patch for a vulnerability in two router models. The company's shoddy initial patches allowed hackers to continue attacks throughout the past two months.The security flaws impact Cisco RV320 and RV325 WAN VPN routers, two models popular with internet service providers and large enterprises. Source: ZDNet

The parking garage used by employees of the Canadian Internet Registration Authority (CIRA) allowed people to park for free after computer systems were infected by ransomware. CIRA is a not-for-profit organization that manages the .CA country code top-level domain (ccTLD) and represents the Canadian domains internationally. Source: BleepingComputer

The Mozilla Foundation yesterday issued a security update for its Thunderbird open-source email client, fixing two critical vulnerabilities involving its IonMonkey JavaScript JIT (just-in-time) compiler. The first of the two flaws, CVE-2019-9810, consists of incorrect alias information when using the Array.prototype.slice method, which could result in a missing bound check and buffer overflow. The second issue, CVE-2019-9813, is described as the mishandling of __proto__ mutations of, which can lead to type confusion in IonMonkey JIT code, allowing...