Security News > 2020 > June

UPDATE. A researcher is warning that a WhatsApp feature called "Click to Chat" puts users' mobile phone numbers at risk - by allowing Google Search to index them for anyone to find. The phone numbers are revealed as part of a URL string and so, this in effect "Leaks" the mobile phone numbers of WhatsApp users in plaintext, according to the researcher's view.

IBM this week announced the availability of open source toolkits that allow for data to be processed while it's still encrypted. The toolkits implement fully homomorphic encryption, which enables the processing of encrypted data without providing access to the actual data.

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency. Campaign groups Foxglove and openDemocracy, which brought the action, said that the documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

The latest Naked Security podcast is out now!

Security researchers at WordFence, a company that's focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. This file is located in the root of your WordPress file directory and contains your website's base configuration details, such as database connection information.

San Francisco, CA-based attack surface management firm RiskIQ has raised $15 million in a Series D funding round led by National Grid Partners. RiskIQ monitors the attack surface from outside of the firewall, with services including vulnerability management, application security and penetration testing.

The Russian Foreign Ministry on Thursday angrily rejected Germany's allegations over Russian intelligence involvement in a cyberattack against the German parliament. The ministry's spokeswoman, Maria Zakharova, said the claim concerning a 2015 hacking attack on the German parliament was "Absurd" and "Unfounded."

Privacy-focused communications application Signal this week announced a new feature meant to enhance user privacy amid social turmoil in the United States: a blur tool. Available in the image editor, the functionality is meant to help protect the privacy of the people in the photos shared over Signal.

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city's traffic lights. Peter Fröhlich, managing director at ProtectEM, told SecurityWeek that the vulnerability was discovered during a security audit conducted for a city in Germany that hired his company to analyze networked traffic systems.

The North Atlantic Treaty Organization this week publicly condemned the malicious cyber-activities directed against COVID-19 responders. Now, a month later, the North Atlantic Council issued a public statement condemning the "Destabilizing and malicious cyber activities" targeting entities critical to the response against the COVID-19 pandemic, such as healthcare services, hospitals and research institutes.