Security News > 2020 > January

Will Britain's Huawei decision serve as a blueprint for other nations' 5G infrastructure rollouts? U.K. Prime Minister Boris Johnson on Tuesday announced that the country's four biggest telecommunications firms will be allowed to use equipment from Huawei for up to 35 percent of non-sensitive parts of their 5G and gigabit-capable networks.

Avast will pull the plug on Jumpshot, its controversial data analytics business, after it was revealed the company was harvesting its users' data. The Brit antivirus firm ran into trouble last month when a security researcher, Wladimir Palant, found that the company's Firefox browser extensions were collecting customers' browsing data, including URLs of sites they had visited, and per-device unique IDs, and selling it, apparently deanonymised, to customers such as Revlon, Tripadvisor and Intel.

Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information, and then combined it with...

Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive device information and to launch denial-of-service attacks. The information disclosure vulnerability is caused by the lack of proper authentication controls and it can be exploited by sending specially crafted HTTP requests to the user interface of an affected switch.

The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.

Last week, the state House of Representatives unanimously passed legislation - House Bill 1143 - stipulating that employers can't force their employees to have an ID or tracking chip implanted in their bodies as a condition of employment. As the Indiana Lawyer reports, Morrison said that he wants to be sure employers don't "overstep their bounds" by imposing mandatory employee microchipping.

The United States Department of the Interior this week has halted the operation of unmanned aircraft systems over cybersecurity concerns most likely related to the use of Chinese drones. The purpose of the order is "To better ensure the cybersecurity and supply of American technology of UAS procured for use and operation in support of the Department of the Interior's mission."

Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world.

Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access attacks, despite the fact that hardware and software vendors have implemented protections that should prevent such attacks, firmware security company Eclypsium said on Thursday. Eclypsium recently conducted tests on a couple of devices - a Dell XPS 13 7390 2-in-1 released in October 2019 and an HP ProBook 640 G4 - in an effort to show that the presence of built-in protections may not be enough to prevent DMA attacks against machines often found in enterprise environments.