Security News > 2020 > June

The Kubeflow open-source project is a popular framework for running machine-learning tasks in Kubernetes. Because Kubeflow is a containerized service, these various tasks run as containers in the Kubernetes cluster, and each can present a path for an attacker into the core Kubernetes architecture.

Today, Siemens and industrial AI-firm, SparkCognition, announced a new cybersecurity solution for industrial control system endpoints. According to a joint study conducted by the Ponemon Institute and Siemens that surveyed global energy industry executives, 67% of respondents said industrial control systems are more at risk today from cyberattack than ever before.

As a result, the FBI said it expects cybercriminals to target banking customers with fake banking apps and app-based banking trojans. Phony bank apps spoof the actual apps of major banks to trick users into entering their account credentials.

Australian brewery Lion has suspended production, threatening the flow of beer across the continent-country, after a now confirmed* cyber attack struck down its IT systems. Lion brews southern hemisphere brands including Speights, Steinlager, Lion Red and Brown as well as international brands comprising Guinness, Becks, Corona and Budweiser.

A security researcher was able to compromise an Android application by invoking each of its exposed Activity components. Activities, one of the three primary components of Android apps, are called using Intents, which are messaging objects that applications use to communicate with their different components.

Security researchers claim to have uncovered "Several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications. The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications, allowing attackers to access the target account's contact book so they can forward phishing emails to a new batch of potential victims.

The methods used by contact tracing apps also play a role in the question of effectiveness versus privacy. Contact tracing apps store contact logs, encryption keys, and other sensitive information on the mobile device.

Let's just start with the big question here: Would you use a contact tracing app and why or why not? Contact tracing is something still done by people in lab coats, and you know, something that you might see maybe in the movies, and it can be supported by exposure notifications, like an app on the phone.

Chinese tech giant Tencent announced this week that it's prepared to offer rewards of up to $140,000 for critical vulnerabilities found in its TencentOS tiny and TencentOS Server operating systems. Tencent informed white hat hackers in mid-April that it teamed up with HackerOne for a bug bounty program with rewards of up to $15,000.

Apple made a big change when it released the iPhone X: It ditched Touch ID fingerprint security for a new face-based biometric sign-on tool called Face ID. The fingerprint scanner on most post-iPhone X Apple products is gone, and in its place is a new camera array capable of capturing a face map that is, according to Apple, 20 times less likely to be hacked than a Touch ID fingerprint. Who does Face ID affect? Face ID affects anyone who plans to use an iPhone X or newer Apple device.