Security News > 2020 > May

Researchers analyzed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users' devices. VPNpro, a company that specializes in analyzing and comparing VPN services, analyzed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.

Developers who create contact tracing apps using a joint technology from Apple and Google will not be able to track the location of users. The guidelines specifically state: "A Contact Tracing App may not use location-based APIs, may not use Bluetooth functionality, and may not collect any device information to identify the precise location of users. In addition, Contact Tracing Apps are prohibited from using frameworks or APIs in the Apple Software that enable access to personally identifiable information, unless otherwise agreed by Apple."

In order to keep company data safe and use it to its full potential, follow these tips on tracking and monitoring data access and usage. Many enterprises don't know how employees are using their data, and they deal with incidents of employee insider data hacks that can be as threatening as data compromises that come from the outside, according to Virtru, a data encryption company.

It's the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design....

Citrix this week announced that updates released for Citrix ShareFile storage zones controllers address several information disclosure vulnerabilities. With storage zones controllers, the ShareFile Software-as-a-Service cloud storage also offers private storage for ShareFile data, which is known as storage zones.

"While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it's only in the past few days that they've truly ramped up, to the point where more than 20 million attacks were attempted against more than half a million individual sites on May 3, 2020," Wordfence analysts discovered. "Over the course of the past month in total, we've detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites."

Researchers have poked another small hole in air gapped security by showing how the electronics inside computer power supply units can be turned into covert data transmission devices. Normally, if a computer is physically isolated from other computers it is seen as being more secure because there is no channel for data to be transmitted in or out of the device.

Adult live-streaming site CAM4 has spilt millions of users' private chats, emails, names, email addresses, sexual preferences, password hashes, IP addresses and more. A streaming site for amateurs to watch live, explicit performances, it offers customers the ability to buy virtual tokens if they want to tip performers or watch private shows.

Australian shipping giant Toll informed customers on Tuesday that it has shut down some IT systems after discovering a piece of ransomware. Toll said it discovered the ransomware after seeing unusual activity on some servers.

SAP this week revealed that it is notifying customers of a series of security issues that it has identified in its cloud products. The Germany-based enterprise software maker said it discovered that some of its cloud products "Do not meet one or several contractually agreed or statutory IT security standards at present."