Security News > 2020 > September

TikTok won a last-minute reprieve late Sunday as a US federal judge halted enforcement of a politically charged ban ordered by the Trump administration on downloads of the popular video app, hours before it was set to take effect. The Trump administration order had sought to ban new downloads of the app from midnight but would allow use of TikTok until November 12, when all usage would be blocked.

Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks.

Around 40 per cent of staff in British and American corporations have access to sensitive data that they don't need to complete their jobs, according to recent research. In a survey commissioned by IT security firm Forcepoint of just under 900 IT professionals, 40 per cent of commercial sector respondents and 36 per cent working in the public sector said they had privileged access to sensitive data through work.

Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys. Designed to provide developers using the Twitter platform and APIs with access to documentation, community discussion, and other types of information, the portal also offers app and API key management functionality.

Naked Security Live - here's the recorded version of our latest video. Enjoy.

Get ready for this year’s OWASP Top 10 with us and F5. Webcast: Whether you’re into cybersecurity or application development, you probably also like lists, which means you probably love the OWASP Top 10.…

Maggie Jauregui's introduction to hardware security is a fun story: she figured out how to spark, smoke, and permanently disable GFCI wirelessly with a walkie talkie. Hardware-based security typically refers to the defenses that help protect against vulnerabilities targeting these devices, and its main focus is to make sure that the different hardware components working together are architected, implemented, and configured correctly.

COVID-19 has put a renewed spotlight on the importance of defending against cyberattacks and data breaches as more users are accessing data from remote or non-traditional locations. The frequency and sophistication of ransomware, phishing schemes, and data breaches have the potential to destroy both brand health and financial viability.

Russia has taken the unusual step of posting a proposal for a new information security collaboration with the United States of America, including a no-hack pact applied to electoral affairs. The document, titled "Statement by President of Russia Vladimir Putin on a comprehensive program of measures for restoring the Russia - US cooperation in the filed [sic] of international information security", opens by saying "One of today's major strategic challenges is the risk of a large-scale confrontation in the digital field" before adding: "A special responsibility for its prevention lies on the key players in the field of ensuring international information security."

In an environment where very limited transparency on the root cause and the true impact is afforded, we are left with isolated examples to point to the direct cost of a security incident. For the impact of ransomware, it was the impact WannaCry had on healthcare, and that will likely be replaced with the awful story where a patient sadly lost their life because of a ransomware attack.