Security News > 2020 > January

Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution. OpenCV is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and which aims to accelerate the use of machine perception in commercial products.

Apple has filed an amended complaint in the lawsuit against Corellium and the virtualization company has responded by claiming that the tech giant is using the lawsuit to crack down on jailbreaking. Corellium provides a virtual iPhone that can be used to find vulnerabilities and test the functionality of mobile apps on different versions of the iPhone and iOS. Apple has accused the company of copyright infringement, stating that Corellium was not authorized to copy its products.

It appears the UK banking system is playing a fiscal game of Top Trumps as both Yorkshire and Clydesdale Bank followed yesterday's example set by Lloyds by not processing payments into customer accounts. Yorkshire Bank's customer service orifice on Twitter gave up responding publicly to users just before 10am, presumably to focus on the wave of customers bombarding the bank's news emitter.

China-based electronics company Xiaomi said it has fixed a "Cache update" issue for its Xiaomi Mijia smart camera after a Reddit user claimed that attempts to view Xiaomi camera footage on his Google Nest Hub instead showed videos of strangers. This security camera can be linked to the Google Nest Hub if users integrate their Google accounts on Xiaomi's Mi Home application.

Presented at SecurityWeek's 2019 ICS Cyber Security Conference in Atlanta, PAS Global's Mark Carrigan provides a look at the state of OT cybersecurity with a focus on strategies that owner...

Given that Python 2 has been replaced by Python 3 without any interruption, and given that nothing bad happened when Python 1 switched over to Python 2 around the turn of the millennium, why is the "Death" of Python 2 such a big deal now? When Python 2 came along, it was a natural progression from Python 1, and software written in Python 1 was, essentially, already valid Python 2.

A Georgia manufacturer that was hit by the Maze ransomware gang is fighting back by suing its attackers even though their true identity remains unknown. On Tuesday, Southwire, a cable and wire manufacturer based in Carrollton, Georgia, filed a civil lawsuit against its "John Doe" Maze gang attacker or attackers in Georgia federal court.

Set to be released next week, Firefox 72 will provide users with an option to delete the telemetry data that the browser collects from them, Mozilla says. Specifically, the CCPA enables people to learn more about the personal information that is being collected on them, to access the data and correct or delete it, to be informed on the third parties the data is being shared with, and to opt out of the sale of the data.

A researcher has found two new methods that payment card number thieves are using to try to stay under the radar. The attackers are sometimes referred to as Magecart, a name for a slew of groups that steal payment card numbers.

Houston, Texas-based dining, hospitality and gaming company Landry's revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems. Following a payment card breach that hit the company's restaurants in 2015, Landry's started using a payment processing solution that relies on end-to-end encryption to protect sensitive information on point-of-sale terminals.