Security News > 2020 > April

Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data. "We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser's cache," Twitter explained.

Return-oriented programming has been a very common technique that's particularly hard to block, because instead of trying to inject their own code into running processes, attackers look for small chunks of the legitimate code that's already in memory that contain 'returns' - where the code jumps forward to a new routine or back to the main thread. "With ROP, I can't create new code; I can only jump around to different pieces of code and try to string that together into a payload," Dave Weston, director of OS security at Microsoft, told TechRepublic. If the legitimate code has a memory safety bug like a buffer overflow, corrupting those pointers in memory means the system starts running the attacker's own code instead of going back to the address in the program's call stack.

Bona fide IRS agents wouldn't do any of those things, IRS Commissioner Chuck Rettig said. Taxpayers who don't have their refunds direct-deposited should beware of what the IRS and its Criminal Investigation Division say is a wave of new and evolving phishing schemes that target them in particular.

Video-conferencing app maker Zoom has promised to do better at security after a bruising week in which it was found to be unpleasantly leaky in several ways. Among its commitments: "Host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to our community."

While newer regulations like the EU's General Data Protection Regulation and the California Consumer Privacy Act are steps in the right direction to protect consumer privacy, there is a need for tighter regulation for facial recognition technology. Facial recognition vs. facial authentication.

As COVID-19 continues to spread, remote work is no longer an experiment, but a requirement in many nations. While it represents a huge change, the results of research conducted by OnePoll and Citrix reveal that a majority of employees around the world are adapting to working from home and believe it will become the new normal for the way work gets done.

That high number is likely caused by the fact that while nearly 90% are backing up the IT components they're responsible for protecting, only 41% back up daily - leaving many businesses with gaps in the valuable data available for recovery. The findings revealed that while 91% of individuals back up data and devices, 68% still lose data as a result of accidental deletion, hardware or software failure, or an out-of-date backup.

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data.

Security and network services are the top challenges for enterprises deploying or considering UCaaS and CCaaS technologies, and decision makers prefer bundled solutions that add security features, a software-defined network, and 24/7 performance monitoring, according to Masergy. The study analyzed responses from IT decision makers at global enterprises that are evaluating, planning to implement or have implemented UCaaS or CCaaS. Findings revealed that data security and network performance are the top two areas that IT focuses on to ensure their UCaaS and CCaaS solutions are successfully delivering on business goals.

Merely visiting a website using the Safari browser, whether a malicious site or a legitimate one unknowingly loading malicious ads, could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases saved passwords as well. "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said.