G Suite admins can now disallow SMS and voice authentication

Users of Google’s cloud-based suite of productivity apps may find when logging in that their usual two-factor authentication options (2FA, or 2-step verification, as Google calls it) have disappeared.

If G Suite users have previously been logging in with SMS or voice call verifications, they could now be asked to authenticate using another method such as Google’s Prompt system or a security token based on the FIDO/2.0 standards.

Hopefully, this won’t come as a surprise to users because their G Suite admins will have mentioned this change in their 2FA options to users in advance.

Firefox Send — Free Encrypted File Transfer Service Now Available For All

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket.

Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like video, audio or photo files that can be too big to fit into an email attachment.

Firefox Send was initially rolled out by Mozilla to test users way back in August 2017 as part of the company's now-defunct "Test Pilot" experimental program.

Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks

Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life.

If you are an electric scooter rider, you should be concerned about yourself.

In a report shared with The Hacker News in advance, researchers from mobile security firm Zimperium said to have discovered an easy-to-execute but serious vulnerability in M365 Folding Electric Scooter by Xiaomi that could potentially putting riders life at risk.

Xiaomi e-Scooter has a significant market share and is also being used by different brands with some modifications.

Google Created Faster Storage Encryption for All Low-End Devices

Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently.

Encryption has already become an integral part of our everyday digital activities.

However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster.

Researchers Release Tool That Finds Vulnerable Robots on the Internet

A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate.

Dubbed "Aztarna," the framework has been developed by Alias Robotics, a Spanish cybersecurity firm focused on robots and is capable of detecting vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other robot technologies.

Written in Python 3, Aztarna is basically a port scanning tool with a built-in database of fingerprints for industrial routers (including Westermo, Moxa, Sierra Wireless, and eWON), and robotic technologies and components, as well as patterns that power the tool to test those devices against various known vulnerabilities and security misconfigurations.

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Just in time…
Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same.

Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a remote, man-in-the middle attacker to compromise Linux machines.

The flaw, apparently, once again demonstrates that if the software download ecosystem uses HTTPS to communicate safely, such attacks can easily be mitigated at the first place.

Endgame for Assange

Julian Assange looks very pale. "Pale" isn't quite accurate; his skin looks like parchment, almost translucent. He hasn't seen the sun for almost seven years. He sits opposite to me in the so-called Meeting Room of the Ecuadorian Embassy in London, the snow-white hair, his trademark, is shoulder-length and he wears a long beard. We joke about him looking like Santa. He wears a thick down jacket and eats a piece of the sushi I brought for lunch. It is cold in the room and I regret that I left my winter coat at the reception.

It is just before Christmas, and Julian Assange has probably just had the worst time of his stay at the embassy. Since March 2018 he was de facto in isolation, no telephone, no internet and no visits. The internet ban must be particularly difficult for him; it was not only his field of work, but his only access to the world.

The mood in the embassy is tense; the new ambassador is due to arrive. They have turned off the heating and taken the bed, he sleeps on a yoga mat. I cannot help the impression that everything possible is being done to make his stay so difficult that he finally gives in and leaves the embassy voluntarily. But what will await him then?