Google joins Apple in limiting web certificates to one year
2020-06-30 16:53

Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in TLS and the padlock in your address bar - to just one year. Others ask why a year is seen as "too long" given that certificate authorities such as Let's Encrypt are already issuing certificates that are only valid for three months at a time, thanks to a smoothly automated process for renewal.

How to protect your remote desktop environment from brute force attacks
2020-06-30 16:38

A report published on Monday by ESET discusses how attackers take advantage of RDP and what organizations can do to combat them. Though Remote Desktop Protocol can be enough of a security risk on its own, organizations often compound the vulnerabilities by failing to properly secure RDP accounts and services.

UCSF Pays $1.14M After NetWalker Ransomware Attack
2020-06-30 16:12

According to a BBC report, the NetWalker ransomware is behind the attack. After detecting the attack, UCSF isolated the affected IT system in the medical school's environment so that the core UCSF network was not affected.

NEC insists its face-recog training dataset isn't biased, but refuses to share details of Neoface system with UK court
2020-06-30 15:51

Facial-recognition technology used by British police forces does not rely on trawling the internet for random face photos to use as training data, an NEC manager told the courts. "Our biometric templates are unique to NEC and are not portable between vendors," said Paul Roberts, head of global facial recognition at NEC Global subsidiary Northgate Public Services.

Why organizations often have trouble containing cyberattacks
2020-06-30 15:21

Based on a survey commissioned by IBM Security and conducted by the Ponemon Institute, "The 2020 Cyber Resilient Organization Study" found that organizations have gradually improved their ability to plan for, detect, and even respond to cyberattacks over the past five years. However, the ability of organizations to contain an actual attack dropped by 13% over the past five years, which IBM Security attributed to several factors.

Android Apps Stealing Facebook Credentials
2020-06-30 15:15

Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.

Data Stolen From 945 Websites Emerges on Dark Web
2020-06-30 15:04

SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports. The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.

COVID-19 ‘Breach Bubble’ Waiting to Pop?
2020-06-30 15:00

Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data. Gemini's latest find - a 10-month-long card breach at dozens of Chicken Express locations throughout Texas and other southern states that the fast-food chain first publicly acknowledged today after being contacted by this author - saw an estimated 165,000 cards stolen from eatery locations recently go on sale at one of the dark web's largest cybercrime bazaars.

TikTok Denies Sharing Indian User Data With Chinese Govt
2020-06-30 14:14

TikTok denied Tuesday sharing Indian users' data with the Chinese government, after New Delhi banned the wildly popular app in a sharp deterioration of relations with Beijing two weeks after a deadly border clash. "TikTok continues to comply with all data privacy and security requirements under Indian law and have not shared any information of our users in India with any foreign government, including the Chinese government," TikTok India chief Nikhil Gandhi said in a statement.

DDoS and dingoes: Australia to bolster cyber-defences with 500 hackers amid China spat
2020-06-30 13:49

Australia will hire 500 hackers as part of a AU$1.35bn boost to protect the nation's networks from a wave of cyber attacks. Prime Minister Scott Morrison announced this morning that the government would funnel the money from existing defence funding over the next decade to bolster the capabilities of the Australian Signals Directorate and the Australian Cybersecurity Centre.