Security News > 2020 > June

Vulnerabilities in the GPRS Tunnelling Protocol expose 4G and 5G cellular networks to a variety of attacks, including denial-of-service, user impersonation, and fraud, Positive Technologies security researchers warn. Some of the attacks may be performed with the simple use of a mobile phone and all of the tested networks were found vulnerable to DoS, impersonation, and fraud, the researchers say.

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday. The timing is unfortunate since many Windows 10 users are now working from home and relying on directly connected printers for remote working.

Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. "We will not sell facial recognition tech to police in the U.S. until there is a national law in place We must pursue a national law to govern facial recognition grounded in the protection of human rights," Smith said during a virtual event hosted by the Washington Post.

The Maze ransomware gang has struck again - this time targeting an American M&A practice which counts former Spice Girl Victoria Beckham as one of its clients. Posh Spice's corporate tentacle, which flogs perfume and suchlike to the great unwashed, is a client of Threadstone Advisors LLP, a New York corporate advisory firm specialising in mergers 'n' acquisitions.

Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. "ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices," said researchers with Trend Micro in a Thursday analysis.

If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.

Cyber-threats taking advantage of the COVID-19 pandemic are evolving, and Google is seeing an increase in related phishing attempts in countries such as Brazil, India, and the UK. As the coronavirus crisis spreads worldwide, cyber-criminals and state-sponsored actors have adapted their attacks to leverage pandemic-related lures. Google says it has observed an increase in the number of scams targeting Aarogya Setu, an initiative where the government is trying to connect people across India with essential health services.

With a few quick clicks, you can detect network abuse with Wireshark. To that end, I wanted to show you one way to detect network abuse with Wireshark.

Due to the frequency, most of the public and news outlets focus on only the most damaging breaches containing the most sensitive personal identifying information, routinely ignoring the more common hacks that leak usernames and passwords for basic website accounts. While a number of different options have emerged, Ethereum co-founder Charles Hoskinson said in an interview that blockchain was the key to a passwordless future for the internet.

Australian beverages company Lion reported this week that its systems have been infected with a piece of ransomware that caused disruptions to manufacturing processes and customer service. The company revealed on June 9 that it had shut down its IT systems as a result of a "Cyber incident," causing disruption to customers and suppliers.