Security News > 2020 > January

Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The suit stems from a class-action proceeding from Facebook users in Illinois over a feature called Tag Suggestions, which identifies Facebook users in photos based on biometric identification technology and suggests that they be "Tagged" in photos on someone else's profile based on that info.

Many CISOs I speak with are growing weary of searching for the next "silver bullet" security technology or another threat feed to improve their security posture. Clearly, this approach hasn't worked as the velocity of attacks increases and the cost of a data breach continues to rise - from $3.86 million last year to $3.92 million in 2019, according to the 2019 Ponemon Cost of a Data Breach Study.

In March 2019, researchers with a group called Security Without Borders - a non-profit that often investigates threats against dissidents and human rights defenders - identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google's Play store. Those apps - which were just a decoy through which government spyware called Exodus was installed on targets' phones - were anything but harmless.

Zoom Video Communications has fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a Zoom meeting ID and join a conference call. The flaw was due, in part, to an attacker potentially being able to guess a valid Zoom meeting ID, according to Alexander Chailytko, a research and innovation manager at Check Point, who notes that all Zoom meeting IDs have nine to 11 digits.

So says Mieke Eoyang, long-time US government policy adviser and veep of the national security program at Washington DC think tank Third Way. After citing figures from Uncle Sam that show only three in 1,000 cyber-crimes are actually prosecuted - the actual ratio could be closer to three in 100,000 as the FBI tends to underestimate the extent of cyber-crime, she explained - Eoyang said police and agents are either told not to pursue online fraudsters or not given the training and resources to do so.

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices' Direct Memory Access capability. "This can allow an attacker to execute kernel code on the system, insert a wide variety of kernel implants and perform a host of additional activity such as spawning system shells or removing password requirements."

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.

That's because hackers have finally put payment card details of more than 30 million Wawa breach victims up for sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. Now it turns out that the Wawa breach ranks among the largest credit card breaches in the history of the United States, potentially exposing 30 million sets of payment records.

If you're an IT security professional, you're almost certainly familiar with that sinking feeling you experience when presented with an overwhelming number of security issues to remediate. If you aren't prioritizing cybersecurity risks effectively, you're not only creating a lot of extra work for your team and yourself - you're also needlessly exposing your organization to IT security attacks.

61% of organizations in the U.S. and Canada are committed to moving enterprise applications to the cloud as quickly as possible, but many struggle with challenges related to company culture on the way to a successful cloud strategy, NTT DATA Services reveals. "Cloud adoption is critical to create a more agile, innovative business, but leaders must address cultural challenges to successfully modernize," said Emily Lewis-Pinnell, Vice President, Cloud and Application Transformation, NTT DATA Services.