Security News > 2020 > March

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.

The digital burglary at 118 118 Money exposed recordings of customer service calls that included a raft of personal information although thankfully not payment data. As revealed last week, the parent company of the personal loans and credit card provider - the sister business of the better-known UK directory enquiries service - pulled its website offline after spotting an unauthorised intruder.

The Utah Attorney General's Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs on Thursday. Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began as all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign.

Enough people must have griped about the loss of "Www" and "Https" in Chrome's address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to "Always Show Full URLs.". On 17 March, Chromium developers outlined the plan for users to opt-out of URL snippage in a post on the bug tracker titled "Implement Omnibox context menu option to always show full URLs".

This weekend, the Wall Street Journal reported that US government officials are using location data from millions of cellphones to understand citizens' movements and how they're affecting the spread of the disease. Other countries are taking a soft approach to using location data for the public good.

In 2019, Google sent nearly 40,000 warnings to accounts that were targeted by state-sponsored phishing or malware attacks, it reported on Thursday. Google's also seen cases wherein attackers first try to chummy up with targets by sending several benign emails to build rapport.

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability which at the time had a zero-day status.

So in this sense, I think that any argument for using surveillance to keep track of covid-19 infections or to provide basic security isn't credible and so can't be simply trusted. If anyone now were to claim that they think they can stop an outbreak by means of surveillance, I think such might as well be deceptive, but also very wrong if the surveillance part isn't really neccessary.

Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol, a popular and common means for remotely managing a computer over a network connection. The number of devices exposing RDP to the internet on standard ports has grown by 41.5 percent over the past month.

Shortly after our story was published, an infoec bod, who asked to remain anonymous, told El Reg they could access the files in the leaky bucket weeks after it was supposedly taken down. A report from Google claims phishing attacks from government-backed spies are increasingly disguised as messages from journalists.