Security News > 2020 > January

Learn how to secure your iOS 13 devices and protect your privacy by tweaking the default settings. Devices using iOS 13 are some of the most secure in the world; however, there are settings you can change to make your iOS experience even more secure.

In terms of bugs themselves, "[we also] saw abused for privilege escalation, had the Samsung handset exploited via baseband for the third Pwn2Own Tokyo in a row and disclosed a significantly impactful SharePoint bug later seen in active attacks," ZDI's Brian Gorenc wrote, in a blog post on Thursday. From a trend perspective, Gorenc said that 2019 saw a shift towards more reports for high-severity flaws - rather than medium-severity bugs making the bulk of advisories as they have in years past.

Police in the United Kingdom have arrested six suspects as part of a months-long money laundering investigation tied to the theft of €13 million from a Maltese bank. As part of the investigations into the bank heist, which has been tied to an organized crime gang, Britain's National Crime Agency says it arrested two men, ages 22 and 17, last week in London.

Japanese IT and electronics company NEC Corporation has revealed that hackers had access to its network for a long time, but the incident occurred several years ago. The attack, NEC says, was initially discovered in July 2017, when a report from the security company contracted by the electronics giant revealed unauthorized communications between computers on the internal network and external entities.

Cybercriminals are using fake email messages about the coronavirus to spead the Emotet Trojan as well as other malware, according to reports released this week by IBM and Kaspersky. The cybercriminals spreading the Emotet Trojan apparently are attempting to target regions closer to China, where the coronavirus originated, but it's likely that their tactics will shift to other countries in the coming weeks, according to IBM. "We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads," the IBM researchers say.

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure.

A federal judge has ruled that an insurer providing a "Business owner's insurance policy" to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused. In her recent ruling, Judge Stephanie Gallagher of the U.S. District Court of Maryland wrote that the damage to Nation Ink & Stitch's computer infrastructure from a ransomware attack constituted "Physical loss or damage" covered by the insurance policy and that the insurer must pay the costs to recover and rebuild the network.

Police in the United Kingdom have arrested six suspects as part of a months-long money laundering investigation tied to the theft of €13 million from a Maltese bank. As part of the investigations into the bank heist, which has been tied to an organized crime gang, Britain's National Crime Agency says it arrested two men, ages 22 and 17, last week in London.

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices. Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.

Targeting UN networks in Geneva and Vienna, the attacker was able to compromise accounts and data at dozens of servers, prompting one senior UN IT official to call it a "Major meltdown," the New Humanitarian said. "These things...attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack is remains very fuzzy and uncertain. So, we are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack."