Hello and welcome to the weekend's usual weekly cybersecurity news round-up, covering the articles published between November 16 and 22, 2020.
Apple lets some Big Sur network traffic bypass firewalls
"Firewalls aren't just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts."
Firefox 83 released with 'HTTPS-Only Mode' that only loads HTTPS sites
"According to Mozilla, the new feature works by attempting to find the HTTPS version of any website, even if the user has accessed the site by typing or clicking on an HTTP link.
If Firefox can't auto-upgrade a site to an HTTPS connection, the browser will show an error to the user and ask them to click a button to confirm they want to access a website via an older HTTP connection."
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
"Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned."
Privileged Container Escape - Control Groups release_agent
"Privileged containers are often used in CI/CD pipelines to allow for building and publishing Docker images. Compromising a privileged container gets you one step closer to accessing the container host, but often will not let you easily execute commands directly on the host."
Dutch journalist gatecrashes EU defence video conference
"Daniel Verlaan of RTL Nieuws joined the meeting after the Dutch defence minister accidentally posted some of the login details on Twitter."
Thanks for reading!
For feedback or any suggestions, please write to us at cybersec@qrator.net.