Security News > 2020 > March

Google has addressed a high-severity flaw in MediaTek's Command Queue driver that developers say affects millions of devices, and for which an exploit is already circulating in the wild. The MediaTek bug is an elevation-of-privilege flaw discovered by members of XDA-Developers, who describe it more specifically as a root-access issue.

Security firm Kaspersky has released a report with startling statistics about IoT security, including the finding that nearly a third of companies with IoT systems faced attacks targeting internet-connected devices in 2019. Many IoT devices carry security certificates that attest to their level of security and indicate how best to protect them.

In an RSA 2020 conference keynote, Cisco's Wendy Nather spoke of "Democratizing security": thinking differently about the people we serve and secure. She expands on that theme and discusses her role as head of advisory CISOs at Cisco's Duo Security unit.

Payment fraud is growing, and it is growing faster in the mobile ecosystem than anywhere else. Just as the targets have evolved with the emergence of mobile as the fraud platform of choice, so too have the payment types evolved.

Why would anyone want to worry about 146,000,000 database entries relating to free Wi-Fi users connecting to a free Wi-Fi service? The problem with the second sort of 'free' Wi-Fi is that the company giving you the 'free' service can only really make money out of it, which is to say it can only make you pay for it, if it keeps track of who you are and what you do when you connect.

Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in the media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in the framework, media framework, and system components.

Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The service aims to solve these issues by providing a framework for evaluating fuzzers in a reproducible way.

These increased capabilities are part of the reason why Hunt said in June 2019 that he was listing the service for sale. In a posting at the time, he said the sheer amount of breached data that needed to be loaded into the database had grown beyond the capability of one person. Nicknaming the acquisition project "Project Svalbard", Hunt worked with consultancy KPMG to identify potential buyers and eventually narrowed the field down to 43 candidates who "best aligned to the goals" outlined for HIBP. Hunt wanted buyers that had the "right level of responsibility" over the type of data HIBP deals with, and that would push the service in the direction Hunt wanted it to go.

Legal services company Epiq has taken its systems offline globally after being hit by a piece of ransomware. "As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation," Epiq said in a statement.