
Sodinokibi Ransomware Group Sponsors Hacking Contest
2020-01-31 14:34

A current hacking competition on the illicit forum known as XSS offers members the chance to win a share of $15,000 in return for original articles containing proof-of-concept videos or original code, according to a Digital Shadows report, released on Thursday. In the past, competitions on underground forums offered much smaller prize winnings and also focused on lighthearted challenges meant to build community, rather than hacking prowess.

New Project Informs Security Teams of Phished Users
2020-01-31 13:44

A newly launched project wants to help inform IT security representatives and domain owners when their users fall victim to phishing. Ch, the project collects information on users who became victims of phishing by entering their credentials on a phishing website.

Make your own security key with Google’s OpenSK
2020-01-31 13:19

Google has open-sourced OpenSK, firmware that, combined with an affordable chip dongle, allows you to make your own security key to use for authentication purposes. OpenSK is an open-source implementation for security keys that supports both FIDO U2F and FIDO2 standards.

UN hacked via unpatched SharePoint server
2020-01-31 13:04

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "entire domain" was probably compromised by an attacker who was lurking on the UN's networks.

China's Winnti hackers (apparently): Forget the money, let's get political and start targeting Hong Kong students for protest info
2020-01-31 13:02

A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong. Researchers at security shop ESET say the Winnti Group, a hacking operation believed to be backed by the Chinese government, has begun targeting the networks and accounts of at least five universities in Hong Kong.

U.S. Department of Interior Grounding All Drones
2020-01-31 12:46

The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.

US Interior Dept extends drone grounding over foreign hacking fears
2020-01-31 12:39

Now can't be an easy time to be a professional drone pilot working for the US Department of the Interior. Until the issue is resolved, the only DOI drone flights allowed will be those connected to emergencies - monitoring wildfires and floods, both uses that underscore the importance of drones to the agency's work.

Researcher Finds Over 60 Vulnerabilities in Physical Security Systems
2020-01-31 12:32

A researcher has discovered more than 60 vulnerabilities across 20 physical security products, including critical flaws that can be exploited remotely to take complete control of a device. The DHS's Cybersecurity and Infrastructure Security Agency recently published an advisory to warn users of Honeywell's MAXPRO video management system and network video recorder products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.

Avast Stops Using Security Software to Track Browsing Data
2020-01-31 12:18

Facing intense criticism, anti-virus software maker Avast on Thursday said it will shut down Jumpshot, its data collecting side business. The Avast subsidiary has been funneling to marketers detailed internet browsing activity from the firm's security products and browser extensions.

Financial tech firms disagree on ban of customer data screen-scraping
2020-01-31 12:05

For years, financial technology companies have used screen-scraping to retrieve customers' financial data with their consent. As ZDNet reports, one of the calls for a ban came from Lisa Schutz, founding director of The Regtech Association and CEO of Verifier, who said that her company could use screen-scraping, but it's chosen not to.