Security News > 2020 > November

Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it "significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population." The SMS and voice formats aren't adaptable to user experience expectations, technical advances, and attacker behavior in real time.

Swiss politicians only found out last year that cipher machine company Crypto AG was owned by the US and Germany during the Cold War, a striking report from its parliament has revealed. Although Swiss spies themselves knew that Crypto AG's products were being intentionally weakened so the West could read messages passing over them, they didn't tell governmental overseers until last year - barely one year after the operation ended.

Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. 123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites, printed content, and videos.

The report also illustrates a shift in the way workers perceive IT. Half of the respondent employees said they "had more empathy, had more respect or were more grateful for IT." On Thursday, Snow Software released its "2021 IT Priorities Report." The findings are based on a survey involving 1,000 leaders in IT and 3,000 workers located in the US, UK, Australia, and Germany.

Apple allows data disclosure to be optional if all of the following conditions apply: if it's not used for tracking, advertising or marketing; if it's not shared with a data broker; if collection is infrequent, unrelated to the app's primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure and the user's name or account name is prominently displayed with the submission. Developers must disclose the use of contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, and more.

A Swedish court has suspended a decision banning Huawei equipment from the country's 5G network while it considers the merits of the case against the Chinese telecoms giant. Huawei said that the ban, which prohibits operators in Sweden from acquiring new equipment and requires them to gradually remove Huawei kit already installed on their 5G networks, will cause irreparable harm to its business.

Google has released another update for Chrome 86 to patch two more zero-day vulnerabilities that have been exploited in the wild. Google has credited "Anonymous" for reporting the flaws - it's unclear if it's the same or two different anonymous individuals - and it has not shared any information about the attacks in which they have been exploited.

Join SecurityWeek and TXOne Networks for a webinar on November 12, 2020 at 1:00PM ET to learn how you can strengthen and simplify your ICS security to make your network significantly harder to infiltrate. This session will discuss the ICS cyber threat landscape and demonstrate how ICS network segmentation, trust lists, and virtual patch technology can create new foundations of cybersecurity for industrial networks.

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks. Steelcase is the world's largest office furniture manufacturer, with almost 13,000 employees, a network of 800 dealers, and $3.7 billion in revenue in 2020.

ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values.