Security News > 2020 > June

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?
2020-06-05 16:01

UPDATE. A researcher is warning that a WhatsApp feature called "Click to Chat" puts users' mobile phone numbers at risk - by allowing Google Search to index them for anyone to find. The phone numbers are revealed as part of a URL string and so, this in effect "Leaks" the mobile phone numbers of WhatsApp users in plaintext, according to the researcher's view.

IBM Releases Open Source Toolkits for Processing Data While Encrypted
2020-06-05 15:36

IBM this week announced the availability of open source toolkits that allow for data to be processed while it's still encrypted. The toolkits implement fully homomorphic encryption, which enables the processing of encrypted data without providing access to the actual data.

UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data
2020-06-05 15:36

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency. Campaign groups Foxglove and openDemocracy, which brought the action, said that the documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

Botnet blasts WordPress sites with configuration download attacks
2020-06-05 14:35

Security researchers at WordFence, a company that's focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. This file is located in the root of your WordPress file directory and contains your website's base configuration details, such as database connection information.

RiskIQ Raises $15 Million to Help Focus on Critical Industries
2020-06-05 13:55

San Francisco, CA-based attack surface management firm RiskIQ has raised $15 million in a Series D funding round led by National Grid Partners. RiskIQ monitors the attack surface from outside of the firewall, with services including vulnerability management, application security and penetration testing.

Russia Angrily Denies German Allegations on 2015 Cyberattack
2020-06-05 13:42

The Russian Foreign Ministry on Thursday angrily rejected Germany's allegations over Russian intelligence involvement in a cyberattack against the German parliament. The ministry's spokeswoman, Maria Zakharova, said the claim concerning a 2015 hacking attack on the German parliament was "Absurd" and "Unfounded."

Signal Adds Face Blurring Tool to Protect User Privacy
2020-06-05 13:29

Privacy-focused communications application Signal this week announced a new feature meant to enhance user privacy amid social turmoil in the United States: a blur tool. Available in the image editor, the functionality is meant to help protect the privacy of the people in the photos shared over Signal.

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights
2020-06-05 12:33

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city's traffic lights. Peter Fröhlich, managing director at ProtectEM, told SecurityWeek that the vulnerability was discovered during a security audit conducted for a city in Germany that hired his company to analyze networked traffic systems.

NATO Condemns Cyberattacks Against COVID-19 Responders
2020-06-05 11:43

The North Atlantic Treaty Organization this week publicly condemned the malicious cyber-activities directed against COVID-19 responders. Now, a month later, the North Atlantic Council issued a public statement condemning the "Destabilizing and malicious cyber activities" targeting entities critical to the response against the COVID-19 pandemic, such as healthcare services, hospitals and research institutes.