Security News > 2020 > July

Communications service providers can now tap the full potential of 5G New Radio technology with the commercial availability of Ericsson Standalone 5G NR software for 5G mid- and low bands. T-Mobile and Telstra are long-standing Ericsson partners who have trialed the Ericsson Standalone 5G NR software on their commercial networks.

RSA announces that NewDay has selected and deployed RSA Adaptive Authentication for eCommerce to deliver advanced fraud protection for digital payments and address the requirements of the EMV 3-D Secure protocol. RSA Adaptive Authentication for eCommerce helps card issuers and payments processors prevent more than 95 percent of fraud in card-not-present e-commerce transactions and provide a frictionless authentication and shopping experience for cardholders.

V-Key announced that V-OS, V-Key's core patented technology, is the world's first virtual secure element to receive a Common Criteria Evaluation Assurance Level rating of 3+, derived from the U.S. Government's Protection Profile for General Purpose Operating Systems. Mr. Er Chiang Kai, Chief Technology Officer of V-Key, said, "The more complex the product, the more requirements and steps necessary to validate its security. Only the top few IT solutions made it to level 3 with a well-recognised Protection Profile. For V-OS to achieve this level of assurance is a testament to the strength and trustworthiness of our product."

An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. Abbas allegedly ran so-called business email compromise scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient.

An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. Abbas allegedly ran so-called business email compromise scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient.

An amended version of America's controversial proposed EARN IT Act has been unanimously approved by the Senate Judiciary Committee - a key step in its journey to becoming law. Concerns over the law being used to force tech companies to introduce encryption backdoors led to an amendment [PDF], put forward by Senator Patrick Leahy, that stated online platforms won't face civil or criminal liability if they are unable to break end-to-end encryption in their own services.

By default, macOS does not maintain integrity while hibernating. The problem is that while the key is stored in resident memory, it is unencrypted, allowing an attacker the opportunity to recover the non-obfuscated key using freely available tools to repeal FileVault's protections and gain unauthorized access to the now decrypted data stored on your device.

UPDATE. A healthy percentage of Android users targeted by mobile malware or mobile adware last year suffered a system partition infection, making the malicious files virtually undeletable. "A system partition infection entails a high level of risk for the users of infected devices, as a security solution cannot access the system directories, meaning it cannot remove the malicious files," the firm explained, in a posting on Monday.

Facebook, WhatsApp and Telegram will deny law enforcement requests for user data in Hong Kong as they assess the impact of a new national security law enacted last week. Facebook and its messaging app WhatsApp said in separate statements Monday that they would freeze the review of government requests for user data in Hong Kong, "Pending further assessment of the National Security Law, including formal human rights due diligence and consultations with international human rights experts."

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw, which has a CVSS score of 10 out of 10.