Join us every Tuesday for the CyberWire's Word Notes, a short podcast that defines a cybersecurity term drawn from our glossary. (And we'll even pronounce it for you, so you'll never be embarrassed again by thinking "SIEM" is pronounced "seem" instead of "sim," or by committing the gaffe of saying "nap" when you meant "NMAP.") But best of all, you'll hear concept and context. Download and enjoy the debut here.
Use Recorded Future Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now at no cost.
Internet blackout in Belarus. Insecure PNG National Data Centre. A Chrome bug is reported, Zoom is sued, and exam prep leaks.
In the aftermath of a contested election that saw long-time incumbent president Alexander Lukashenko returned to office with a nominal eighty percent of the vote, Belarus has apparently shut down most Internet access in the country, Vice reports. The New York Times said yesterday that the US had condemned the elections as fraudulent, and deplored the Internet shutdowns.
A report prepared at the request of Papua New Guinea’s National Cyber Security Centre by an investigator contracted by Australia’s Department of Foreign Affairs and Trade concludes that Papua’s National Data Centre is insecure, Computing reports. Huawei built and staffed the National Data Centre in 2018. Computing’s account suggests careless implementation, but the Australian Financial Review is harshly direct: the Centre was “built to spy.”
PerimeterX says it’s found a zero-day that affected Chromium-based browsers and permitted attackers to bypass browser enforcement of CSP rules. The vulnerability existed in Chrome versions 73 (March 2019) through 83 (July 2020).
According to the Washington Post, Zoom is being sued by the group Consumer Watchdog, which alleges that the company misled consumers about the quality of encryption the service provided.
The Register reports that NCC Group has confirmed that some of its internal training data leaked onto GitHub. The material (in a folder named “cheatsheets”) “appeared to be a collection of exceptionally frank and well informed training materials” designed to prepare personnel to pass Crest pentest certification exams.
Today's issue includes events affecting Australia, Belarus, Canada, China, Ghana, India, New Zealand, Papua New Guinea, Russia, the United Kingdom, and the United States.
Almost none. They're hard to build and hard to maintain, but ExtraHop put in the work to give you full access to Reveal(x) network detection and response without any forms or marketing hype. Enter the live demo now!