Security News > 2020 > January

Facebook, Samsung and Ring have unveiled new or improved privacy and security tools at the 2020 CES consumer electronics show taking place this week in Las Vegas. Facebook announced a revamped version of Privacy Checkup, a tool launched in 2014 in an effort to make it easier for users to manage the information they share on the social media network.

German cycle-maker Canyon Bicycles GmbH has confirmed it was the victim of a security break-in over the holiday period that has all the hallmarks of a ransomware attack, with parts of the infrastructure padlocked by the perpetrators. "The attack shows massive criminal intent," said Canyon founder and CEO Roman Arnold.

Google has temporarily disconnected Xiaomi's IP cameras from its Home Hub service after a user reported that he was seeing images from other people's devices. Reddit user u/Dio-V found that Xiaomi's Mijia 1080p IP camera was sending still images from other people's homes when he accessed it via his Google Home Hub.

On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-1150. The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.

That ransomware attackers can steal as well as encrypt data isn't a new phenomenon, but the possibility that sensitive data might be revealed to the world is potentially more damaging than any short-term disruption caused by the malware. To understand this defiance, consider other recent Maze incidents in which the Maze gang released samples of the stolen data to media, and set up a special website to publish it.

An SQL injection vulnerability in the Government of Gibraltar's website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory's laws. Security researcher Ax Sharma spotted the vuln while poring over the Gibraltar government's visa rules, which he accessed from the Gibraltar Borders and Coastguard Agency website.

The idea is to connect the BusKill cable to your Linux laptop on one end and to your belt on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [1, 2, 3] that executes a series of preset operations.

That IT exec's name is Hicham Kabbaj, and on Friday, he pleaded guilty to one count of wire fraud for having set up a shell company and billing his employer for firewalls and services that "Interactive Systems" never actually installed. Once Company-1 paid up, Kabbaj would slide the cash on over to his own bank account - a scam that netted him a cool $6 million.

Last month, the Pentagon told the US military to steer clear of what it sees as a national-security landmine: the singing/dancing/jokey TikTok platform. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.

PCs still running when Windows 7 reaches end of life on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned. Businesses running Windows 7 should prepare themselves in order to avoid the impact that vulnerability to ransomware could have on their organizations.