Security News > 2020 > March

It's particularly alarming when those passwords are supposed to secure video streams of your life, your front door, your bedroom, your child, your belongings, or any other manner of footage streamed out from your most intimate moments. Until new laws are in place, it is vital that consumers research smart device purchases carefully, and follow guidance to ensure their devices are protected by strong passwords and receiving regular security updates to reduce the risk of hackers exploiting vulnerabilities.

Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices. Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.

Airline pilots faced with hacked or spoofed safety systems tend to ignore them - but could cost their airlines big sums of money, an infosec study has found. The team, who presented their paper at the NDSS infosec symposium, found that while their attacks against these systems "Created significant control impact and disruption through missed approaches", all pilots in the study were able to cope and land their simulated aircraft safely.

A UK cybercrime vigilante was so incensed by tech support scammers he reverse-hacked the call centre in India to reveal CCTV footage of perpetrators as they ripped off their victims in real-life calls. During 2019, Browning said he was able to identify dozens of call centres in India where many of tech support scams targeting English speakers originate.

India: Facebook removed a network of 37 Facebook accounts, 32 Pages, 11 Groups and 42 Instagram accounts whose activity originated in India and which focused on the Gulf region, US, UK and Canada. Egypt: Facebook removed a network of 333 Facebook accounts, 195 Pages, 9 Groups and 1194 Instagram accounts.

The Chinese company claims it's aware of attacks launched by the CIA between September 2008 and June 2019. "In the CIA's attack against Chinese aviation organizations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns," Qihoo said in an English-language blog post.

Cybercriminals continued a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability. A report from F-Secure documents a steep increase in attack traffic in 2019 that was unmatched by previous years.

Adaptive trust begins by collecting data across the enterprise about user activities - who does what and when, and which apps and data they use to accomplish their tasks. The point is, the adaptive trust system recognizes anomalies and takes action in accordance with company policy-with little or no human intervention involved.

There was an increase in incidents of ransomware, maturation of the tactics used, and increasing ransom demands from eCrime actors. Combatting threats from sophisticated nation-state and eCrime adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility.

Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report. "Certain apps are hiding themselves and stealing resources and data from mobile devices, according to a new report by security firm McAfee. This is a growing threat comprising almost half of all malicious mobile malware, and a 30% increase from 2018, said Raj Samani, chief scientist and McAfee fellow, who authored the Q1 2020 McAfee Mobile Threat Report. SEE: Top Android security tips"This shows where the focus from criminals [is] on the mobile platform, which is in stark contrast to non-mobile malware,'' Samani said.