SecurityWeek

Google this week announced an update to its Chrome store policies that requires all extensions to be explicit about the collection and use of user data.The changes, which will be enforced in January 2021, follow previous policies that require extensions to only request those permissions they need to implement their features.

Updates released on Wednesday for the Drupal content management system (CMS) patch a remote code execution vulnerability related to failure to properly sanitize the names of uploaded files.

State-sponsored programs from China, Russia, Iran and North Korea pose the greatest high-tech threats to Canada, a report from the nation's authority on cyber security warned Wednesday."The number of cyber threat actors is rising, and they are becoming more sophisticated", the Canadian Centre for Cyber Security said.

Cisco this week announced the availability of software updates that address multiple vulnerabilities across several products, including bugs leading to unauthorized access to Webex meetings.

Firefox 83 has been released to the stable channel with a new feature meant to improve the security of its users, namely HTTPS-Only Mode.The new feature is designed to prevent eavesdropping, especially when it comes to websites containing sensitive information, such as emails, financial data, or medical details.

A new report demonstrates that the size of the problem for financial services created by the COVID-related switch to remote working can only be solved by automation.

Palo Alto Networks security researchers identified more than 20 Amazon Web Services (AWS) APIs that can be abused to obtain information such as Identity and Access Management (IAM) users and roles.

As the number of online devices surges and superfast 5G connections roll out, record numbers of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity systems.

Microsoft this week announced the preview availability of endpoint detection and response (EDR) capabilities for Linux.The functionality was released to the public as part of the Microsoft Defender for Endpoint for Linux solution, and is meant to help server admins easily identify attacks.

Email security solutions provider Abnormal Security on Wednesday announced raising $50 million in a Series B funding round, which brings the total raised by the company to $75 million.

Amazon Web Services (AWS) on Tuesday announced the general availability of AWS Network Firewall, a managed security service designed to help customers protect their virtual networks.

build.security, an Israel-based company that has been developing an authorization policy management platform, emerged from stealth mode on Wednesday with $6 million in seed funding.

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America.

President Donald Trump on Tuesday fired the nation’s top election security official, a widely respected member of his administration who had dared to refute the president’s unsubstantiated claims of electoral fraud and vouch for the integrity of the vote.

The IoT Cybersecurity Improvement Act, a bill that aims to improve the security of Internet of Things (IoT) devices, passed the Senate on Tuesday and is heading to the White House for the president’s signature.

A sophisticated advanced persistent threat (APT) group believed to be operating out of China has been stealthily targeting Southeast Asian governments over the past three years, Bitdefender reports.The attacker’s infrastructure appears to be active even today, despite many of the command and control (C&C) servers being inactive.

President Donald Trump on Tuesday fired the director of the federal agency that vouched for the reliability of the 2020 election.Trump fired Christopher Krebs in a tweet, saying his recent statement defending the security of the election was “highly inaccurate.”

The government of Canadian Prime Minister Justin Trudeau on Tuesday presented a draft law that would impose major fines on companies that violate privacy law by misusing the personal data of their customers.

Zoom over the weekend rolled out two new features that are aimed at tackling meeting disruptions.