Firefox testing ‘Site Isolation’ feature

Site Isolation, a browser technique first deployed in Chrome in mid-2018, separates each web page and iframe into its own operating system process. Mozilla announced in February 2019 that it planned to develop a similar feature. Now Firefox developers have announced that Site Isolation can be toggled on in Nightly builds of the browser. The browser has been testing the feature since September and expects to have it in the stable branch of development by mid-2021. The feature is currently being tested by extension developers to make sure it doesn’t break functionality.

(ZDNet)

Cisco patches DoS bugs in network security products

The vulnerabilities were found in Cisco’s Firepower Threat Defense software suite and in Adaptive Security Appliance, the operating system for its security devices. The most severe vulnerability impacted Cisco Firepower Chassis Manager, which offered insufficient CSRF protections, potentially opening the door for infected servers to provide client-side access. Several bugs would have allowed attackers to trigger a denial of service or upload arbitrary files to a specific folder, opening the door for further payload delivery. Cisco has issued patches, and says there is no evidence that the flaws had been exploited in the wild.

(Threat Post)

Proposed German legislation authorizes access to encrypted messages

The bill would give security agencies authorization to tap into messages being sent in the country, and also to use so-called “spy software” to break encryption on messages already sent. The bill also provides for a special parliamentary commission that would have oversight of intercepted communications. The bill now goes to Germany’s Federal Diet for legislative approval.

(Security Week)

Microsoft lets you bypass Windows 10 update blocks

This comes in the form of a new Windows 10 Group Policy that disables safeguard holds on a PC. These holds are usually set by Microsoft or hardware makers where there are known compatibility issues with hardware, software, or settings in a Windows update. With the new “Disable safeguards for Feature Updates” Group Policy, admins can let users bypass any holds on a device. Microsoft said that this will allow organizations to test Feature Updates on their machines, but stressed that the holds should not be bypassed for large groups until extensive testing has been done.

(Bleeping Computer)

FBI says Iranians behind voter intimidation emails

This comes from an announcement by Director of National Intelligence John Ratcliffe. The emails claimed to be from the right-wing extremist group the “Proud Boys” and were sent to registered Democratic voters in Florida, demanding under threat that they switch to the Republican party. Florida is one of several US states that make voter information public. At the announcement, FBI Director Christopher Wray said there was no way that Iranian actors could change American votes. A spokesperson for the Iranian Mission to the UN said the claims are “baseless.”

(NBC News)

Palantir to help the US government track COVID-19 vaccines

The news comes from the Wall Street Journal, speaking to state and local health officials briefed on the effort. The data-mining company has developed a system called Tiberius, which builds on existing work the company is doing to track COVID-19 hospitalizations. The system won’t have access to personal health information, and no personally identifiable information will be input. Tiberius will “integrate a wide range of demographic, employment and public health data sets to identify the location of priority populations,” creating real-time maps and analyses to help efficiently distribute vaccine doses as they become available.

(Wall Street Journal)

The Senate votes to issue subpoenas on social media moderation policies

The subpoenas will require Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey to testify about the platforms’ recent policy enforcement decisions regarding a New York Post story about Hunter Biden. The motion to issue subpoenas did not list a date for testimony. This comes after Twitter initially blocked all links to the story under its Hacked Materials policy, only to revise that policy so that it only impacts materials shared by attackers. Facebook slowed distribution of the story until it went through its fact-checking team.

(CNBC)

Edward Snowden given permanent residency in Russia

The whistleblower and former US intelligence contractor has been living in Russia since 2013. Snowden had been living with a temporary residency permit in the country, but changes to Russia’s immigration laws have now made that permit indefinite. Snowden is still wanted in the US for leaking information showing the mass NSA collection of phone records of US citizens. 

(Security Week)