
Flaws in Winston Privacy Devices Can Expose Networks to Remote Attacks
2020-10-27 12:44

Researchers say they've uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. Winston Privacy provides a hardware-based service designed to boost online privacy and security.

Steelcase furniture giant hit by Ryuk ransomware attack
2020-10-27 12:30

Office furniture giant Steelcase has suffered a ransomware attack that forced it to shut down its network to contain the attack's spread. Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020. On October 22, 2020, Steelcase Inc. detected a cyberattack on its information technology systems.

Google Boots 21 Bogus Gaming Apps from Play Marketplace
2020-10-27 12:10

Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. These endeavors include stronger vetting mechanisms (which resulted in more than 790,000 apps that violate Google's policies for app submission being stopped last year before they were ever published) as well as an alliance with three endpoint security firms to help stop malicious apps before they get to Google Play.

Swedish Authorities, Banks Hit by Security Data Leak: Report
2020-10-27 11:47

Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday. A total of 19 gigabytes of information and around 38,000 files were stolen from security group Gunnebo by one or more hackers in August, according to newspaper Dagens Nyheter.

FBI: Hackers stole government source code via SonarQube instances
2020-10-27 11:35

The Federal Bureau of Investigation issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. Vulnerable SonarQube servers have been actively exploited by attackers since April 2020 to gain access to data source code repositories owned by both government and corporate entities, later exfiltrating it and leaking it publicly.

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition
2020-10-27 11:34

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. We’ve long known that redacting is hard in the modern age, but most of...

Government-Focused Cyber Defense Company Toka Raises $25 Million
2020-10-27 11:14

Toka, an Israel-based company that provides intelligence and defense solutions to governments, announced on Tuesday that it has raised $25 million in a Series B funding round. Toka launched in July 2018, when it also announced raising $12.5 million in seed funding.

Brit startup would like to beam 5G connectivity down at you from hydrogen-fuelled drones
2020-10-27 10:10

A British startup is hoping to strap 5G antennas to liquid-hydrogen-powered high-altitude pseudo-satellites in the hope of replacing mobile base stations on the ground. Bruno Jacobfeuerborn, chief exec of DT's mobile mast subsidiary, said in a canned statement: "We are thrilled to be working with Stratospheric Platforms to realise our vision of connectivity from the sky. SPL's unique technology will enable us to deliver to all our customers, wherever they are located, a true broadband experience. We welcome other investors to join us on this journey to cost-effectively address the challenges of broadband roll-out."

A new threat matrix outlines attacks against machine learning systems
2020-10-27 07:54

A report published last year has noted that most attacks against artificial intelligence systems are focused on manipulating them, but that new attacks using machine learning are within attackers' capabilities. Microsoft now says that attacks on machine learning systems are on the uptick and MITRE notes that, in the last three years, "Major companies such as Google, Amazon, Microsoft, and Tesla, have had their ML systems tricked, evaded, or misled." At the same time, most businesses don't have the right tools in place to secure their ML systems and are looking for guidance.

Santander downplays 'hack' of PagoFX cash transfer biz, says nothing to worry about
2020-10-27 06:02

Spanish financial giant Santander has downplayed claims its international money transfer startup PagoFX was compromised. At the end of last week, The Register was contacted by an anonymous source who claimed "Database schemas, infrastructure docs, digital risk assessments, customer security checks, and Salesforce training material" belonging to PagoFX had been stolen and put up for sale on an underground hacking forum.