Security News > 2020 > April

Dan Patterson speaks with cybersecurity expert Robert Lee about how Russia, Iran, China, and North Korea pose a threat to US industrial infrastructures. Robert Lee: The [countries] we've seen over the years would be Russia, Iran, China, North Korea - the normal players.

One way to ensure this is to update your Apple systems automatically and to have the App Store automatically update your apps as well. I'll explain how to keep iOS and macOS devices and apps up-to-date without lifting a finger when new updates are available.

A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments. As part of the attack, hackers abuse misconfigured Docker API ports to run an Ubuntu container hosting Kinsing.

Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis. Signatories included technology-focused groups such as AI Now, Algorithm Watch, and the World Wide Web Foundation, along with human rights groups like Amnesty International and Human Rights Watch.

Google last week announced that it has started rolling back a cross-site request forgery protection introduced in early February with the release of Chrome 80 in the stable channel. Initially announced in May 2019, the protection involves Chrome enforcing a new secure-by-default cookie classification system, where cookies that haven't declared a SameSite value are treated as SameSite=Lax cookies.

One of the benefits of DTrace is the ability to use more than one probe, providing the tools you need to understand how events are related, and helping to track down complex bugs that traditional debugging tools can't pinpoint. Microsoft has now ported DTrace to Windows, building on the Open DTrace code and specification, adding specific Windows features with support for Event Tracing for Windows, for Windows system calls, and for Windows Process IDs.

Kaspersky has detailed its takedown of a massive so-called watering-hole attack appearing to target certain folks in China, in the top story in The Reg's infosec roundup that looks at issues of the past week beyond our own detailed coverage. "We were not able to witness any live attacks and thus could not determine the operational target. However, this campaign once again demonstrates why online privacy needs to be actively protected," said Kaspersky researcher Ivan Kwiatkowski.

A rival hacking forum has yet again hacked OGUsers - the second time in a year - and yet again doxxed its database for one and all to grab, fast on the heels of the attack. OGUsers is a forum devoted to trading stolen Instagram, Twitter and other accounts, with a special place in its dark heart for hackers who like to trade SIM swappers' stolen phone numbers and Bitcoin accounts.

The popular digital wallet application Key Ring recently exposed information belonging to millions of its users, vpnMentor reports. Key Ring is an application that creates a digital wallet on the user's phone and allows them to upload scans and photos of membership and loyalty cards, but many also use it to store copies of IDs, driver's licenses, credit cards, and the like.

Mozilla released critical security updates for Firefox and Firefox ESR on Friday, patching two vulnerabilities that are being actively exploited by attackers. Update ASAP. Home users and enterprise admins are advised to implement the provided updates as soon as possible.