China launches initiative to set global data-security rules

China is launching its own initiative to establish global standards for data security, as a countermeasure to similar efforts being coordinated by the U.S. Chinese Foreign Minister Wang Yi announced the program on Tuesday at a Beijing seminar on global digital governance, citing growing risks to data security and the politicization of security issues. The Chinese initiative follows the announcement of the Clean Network program, which excludes Chinese telecommunications firms, apps, cloud providers and undersea cables from internet infrastructure used by the U.S. and other countries.

(Wall Street Journal)

Google releases new development platform that includes no-code tools and serverless computing

Its new Business Application Platform category of software also encompasses API programming management, process automation and business analytics. It aims to create more consistent ways for users, including nontechnical users, to access services, data, and functionality so they can build data-driven applications quickly without using a programming language. Google states this platform addresses Gartner’s estimate that there will be four times as many “citizen developers” as professional coders in large enterprises by 2023.

(Silicon Angle)

Intel’s supercomputer faces further delay

A $500 million supercomputer ordered by the Department of Energy has hit a delay. Named Aurora and built for exascale computing, the supercomputer was intended as a flagship, demonstrating American independence from offshore computing technology suppliers. Logistical and production delays of up to 12 months mean Intel will require chips for Aurora to be manufactured offshore after all. Intel was already struggling to rebound from a multi-year delay in perfecting a new manufacturing technique, which allowed competitors such as Taiwan Semiconductor and Samsung to grab market share. 

(New York Times)

Microsoft fixes Windows 10 bug that causes excessive solid state drive defragging

Microsoft has fixed a bug in the Windows 10 version 2004 defragger that caused solid state drives to be defragmented too often. Instead of running a defrag once per month, the Automatic Maintenance feature forgot when the last scheduled maintenance had run and attempted a defrag on every reboot, affecting an SSD’s longevity. The bug fix was released yesterday as part of Patch Tuesday.

(Bleeping Computer)

Thanks to our sponsor, Remediant

Remediant is a fast-growing Gartner Cool Vendor focused on the concept of precision Privileged Access Management, and one Fortune 100 company calls them “the world’s best protection against major incidents.” Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

Crypto bugs found in 306 popular Android apps; none get patched

A team of academics from Columbia University developed a tool that analyzes Android applications to see whether they use cryptographic code in an unsafe way. In September and October 2019, it tested 1,780 of the most popular Android applications, looking for violations of 26 basic cryptography rules. The exercise showed how app developers are often unschooled in cryptography prior to entering the app development space. The researchers point out that, since they discovered the bugs and contacted the developers, not one of the apps has yet been patched.

(ZDNet)

Cybersecurity companies expose sensitive data online

A study from ImmuniWeb reveals that cybersecurity companies have exposed sensitive data, including PII and passwords, online. The researchers investigated 398 of the world’s top security vendors and discovered verified sensitive data over 631,000 times, with 17% at critical risk levels. This included logins with plaintext or weak passwords, and data leaks such as recent or unique PII and financial records. 5100 stolen credentials came from breaches of adult content sites, meaning employees had registered on such sites with their work emails.

(InfoSecurity Magazine)

WordPress plugin flaw affects 700,000 users

The threat intelligence team from cybersecurity firm Wordfence discovered a zero-day vulnerability in WordPress’s File Manager plugin that could allow threat actors to execute commands and upload malicious files on a target site. File Manager is a plugin intended to help WordPress admins manage files on their websites. The researchers stated that a patch has been released to fix the vulnerability, and WordPress has asked users to update to the latest version, 6.9, immediately.

(CISO Mag)

Student arrested for cyberattack against Miami schools used ‘easy to prevent’ program

A 16-year-old student who successfully shut down online classes in Miami-Dade’s school district, the fourth largest in the nation, has alarmed cybersecurity experts, who stated that the district should have been able to withstand such an attack. The student used an easily downloadable DDoS tool called “Low Orbit Ion Cannon,” which is the same tool that Anonymous used a decade ago to attack MasterCard, Visa, and PayPal. Cybersecurity experts point out that this speaks to the cybersecurity posture of school districts, which have long believed they wouldn’t be a target.

(Miami Herald)