Security News > 2020 > March

The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. Counter-intuitively, training facial recognition algorithms to recognize masked faces involves throwing data away.

Despite often repeated advice of using unique passwords for online accounts - or at least the most critical ones - password reuse continues to be rampant. According to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us.

According to Reuters sources, the attack likely came from Darkhotel, a group that according to MITRE has been active since at least 2004. When you read about it, all the bad guy did was set up a phishing website that emulated the World Health Organization's internal mail server to harvest logins and passwords.

The office of New York Attorney General Letitia James sent letters - here's one sent to GoDaddy - to six of the internet's largest domain name registrars, asking them how they plan to protect New Yorkers and others across the country from these scams by making it tougher to register a domain that's likely to be selling snake oil, inflicting malware or setting up whatever other trap the crooks have been rushing to put into place. Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints.

A UK housing association blurted 3,500 people's sensitive personal data as part of a bungled "Please update your contact details" email exercise, The Register has been told. Watford Community Housing sent the email on the night of 23 March to people it thought were its tenants.

SEE: Security Response Policy The report, "The Global State of Industrial Cybersecurity," which includes responses from full-time IT pros in the US, UK, Germany, France, and Australia, found that business security leaders in the US are more concerned about the security of their industrial OT systems than are leaders in other nations. The data also showed that global IT security professionals have a more positive overall outlook about their OT network security compared with their counterparts in the US. About 62% of the global IT respondents said they believe that industrial OT networks are properly safeguarded, compared to only 49% of US respondents.

General Electric revealed last week that the personal information of some employees may have been compromised as a result of a data breach suffered by Canon Business Process Services. In a data breach notification sent to affected individuals and submitted to the California Attorney General, GE said an unauthorized party gained access to a Canon email account containing documents belonging to some of its employees.

"Public clouds are, by and large, homogeneous infrastructures with embedded monitoring capabilities that are ubiquitous and have centralized security administration and threat remediation tools built on top," Konstantas told Help Net Security. "Automation really is central to effective cloud security. Just take the example of data and consider the volume of data flowing into cloud hosted data bases and data warehouses. Classifying the data, identifying PII, PHI, credit cards etc., flagging overly permissioned access, and requiring additional authorization for data removal - all these things have to be automated. Even the remediation, or prevention of access needs to be automated," she noted.

The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication.

Apple has emitted a bundle of security fixes ranging across its product lines. For the flagship iOS, the 13.4 update includes fixes for 30 security holes.