Security News > 2020 > October

The US Department of Justice, together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Modern encryption schemes don't just encrypt network traffic with your long-term encryption keys, but add in what are known as ephemeral keys into the mix - one-time encryption secrets for each communication session that are discarded after use.

TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 to $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology devices, has entered public preview. Azure Defender for IoT is an IoT/OT device threat protection solution that integrates with Microsoft's Azure Sentinel and third-party solutions to provide continuous threat monitoring and vulnerability management.

I think my husband's arrived at like, 1:30 or something in the morning, Thursday morning, so they kind of sent this out under cover of darkness, which I'm sure they want to minimize the publicity around it, but that's not going to happen because it's Barnes and Noble. Over the weekend, the Nook e-book reader - which my mom has one of those and they're kind of awesome - but the syncing feature for that went down and there was this outage that continued and it just kind of trended on a low level, nobody really knew what was going on.

Britain's information commissioner has fined British Airways 20 million pounds for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued. The ICO said in a statement Friday that the airline was processing personal data without adequate security measures.

The group had three hierarchical levels: leaders, mid-level managers, and money mules. The funds were transferred through a complex series of transactions that included transfers to other bank accounts controlled by the money-laundering group and conversion to cryptocurrency.

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. It also condemned BA's claims during fine negotiations that credit card data breaches are "An entirely commonplace phenomenon" and "An unavoidable fact of life".

Early stage venture investment in cybersecurity has apparently started to stabilize in the third quarter of 2020, according to Washington, D.C.-based cybersecurity venture capital firm and incubator DataTribe. A report published by DataTribe in March revealed that the number of early stage investments in cyber had declined in the first two months of 2020 compared to the same period of the previous year, but noted that the drop was likely not caused by the COVID-19 pandemic, arguing that it typically takes up to two quarters to close an investment.

These 4 packages had collected over 1,000 total downloads over the course of the last few months up until being removed by NPM yesterday. Although the malicious packages were spotted and removed by NPM, I was able to dig into Sonatype's automated malware detection system archives to obtain copies of their source code, as it had existed on NPM downloads.

Hackers needed roughly 24 hours to take over high-profile Twitter accounts in the July attack, a report from the New York Department of Financial Services reveals. A couple of weeks after the incident, Twitter revealed that hackers targeted some employees with phone phishing until gaining access to the account support tools they needed.