China launches initiative to set global data-security rules
China is launching its own initiative to establish global standards for data security, as a counter measure to similar efforts being coordinated by the U.S. Chinese Foreign Minister Wang Yi announced the program on Tuesday at a Beijing seminar on global digital governance, citing growing risks to data security and the politicization of security issues. The Chinese initiative follows the announcement of the Clean Network program, which excludes Chinese telecommunications firms, apps, cloud providers and undersea cables from internet infrastructure used by the U.S. and other countries.
Google releases new development platform that includes no-code tools and serverless computing
Its new Business Application Platform category of software also encompasses API programming management, process automation and business analytics, and is aimed to create more consistent ways for users including nontechnical users to access services, data, and functionality to build data-driven applications quickly without using a programming language. Google states this platform addresses Gartner’s estimates that there will be four times as many “citizen developers” as professional coders in large enterprises by 2023.
Intel’s supercomputer faces further delay
A $500 million supercomputer ordered by the Department of Energy has hit a delay. Named Aurora and built for exascale computing, the supercomputer was intended as a flagship, demonstrating American independence from offshore computing technology suppliers. Logistical and production delays of up to 12 months mean Intel will require chips for Aurora to be manufactured offshore after all. Intel was already struggling to rebound from a multi-year delay in perfecting a new manufacturing technique, which allowed competitors such as Taiwan Semiconductor and Samsung to grab market share.
Microsoft fixes Windows 10 bug that causes excessive solid state drive defragging
Microsoft has fixed a bug in the Windows 10 version 2004 defragger that caused solid state drives to be defragmented too often. Rather than run a defrag once per month, the bug caused the Automatic Maintenance feature to forget when the last scheduled maintenance had run, forcing an attempt to perform a defrag on every reboot, affecting an SSD drive’s longevity. The bug fix was released yesterday as part of patch Tuesday.
Thanks to our sponsor, Remediant
Crypto bugs found in 306 popular Android apps; none get patched
A team of academics from Columbia University developed a tool that analyzed Android applications to see if they were using cryptographic code in an unsafe way. It tested 1,780 of the most popular Android applications, in September and October 2019, looking for violations of 26 basic cryptography rules. The exercise showed how app developers are often unschooled in cryptography prior to entering the app development space. Since discovering the bugs and contacting the developers, the researchers point out that not one of the apps has yet been patched.
Cybersecurity companies expose sensitive data online
A study from ImmuniWeb reveals cybersecurity companies have exposed sensitive data including PII and passwords online. The researchers investigated 398 of the world’s top security vendors and discovered verified sensitive data over 631,000 times, with 17% at critical risk levels. This included logins with plaintext or weak passwords, data leaks such as recent or unique PII and financial records. 5100 stolen credentials came from breaches of adult content sites, meaning employees had registered on such sites with their work emails.
WordPress plugin flaw affects 700,000 users
The threat intelligence team from cybersecurity firm Wordfence discovered a zero-day vulnerability in WordPress’s File Manager plugin that could allow threat actors to execute commands and upload malicious files on a target site. File Manager is a plugin intended to help WordPress admins manage files on their websites. However, the researchers stated that a patch has been released to fix the vulnerability and WordPress has asked users to update to the latest version 6.9 immediately.
Student arrested for cyberattack against Miami schools used ‘easy to prevent’ program
A 16-year old student who successfully shut down online classes in Miami-Dade’s school district – the fourth largest in the nation – has alarmed cybersecurity experts, who stated that the district should have been able to withstand such an attack. The student used an easily downloadable DDoS software called “Low Orbit Ion Cannon,” which is the same tool that Anonymous used a decade ago to attack MasterCard, Visa, and PayPal. Cybersecurity experts point out this speaks to the cybersecurity posture of school districts who have long believed they wouldn’t be a target.