Security News > 2020 > November

That's because pretty much every mobile phone in the world can receive text messages, regardless of its age, feature set or ability to access the internet. The obvious solution in cases like this, where you want to check if there really is a problem with your mobile phone account balance - or your credit card statement, or your latest home delivery, or your streaming video subscription, or whatever it might be.

Microsoft's Patch Tuesday updates for November 2020 address more than 110 vulnerabilities, including a Windows flaw that was recently disclosed by Google after it was observed being exploited in attacks. The actively exploited Windows vulnerability is tracked as CVE-2020-17087 and it has been described as a local privilege escalation issue related to the Windows Kernel Cryptography Driver.

Adobe on Tuesday informed customers that it has patched vulnerabilities in its Reader Mobile and Connect products, but none of them appears too serious. The company says the patches are already being rolled out to hosted services and they should become available for on-premises deployments later this week.

Researchers have disclosed the details of a new side-channel attack method that can be used to obtain sensitive information from a system by observing variations in the processor's power consumption. The PLATYPUS attack relies on having access to Intel's Running Average Power Limit, a feature introduced by the company with the Sandy Bridge microarchitecture and which is designed for monitoring and controlling the CPU and DRAM power consumption.

An international team of security researchers is presenting new side-channel attacks, which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys.

Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.

As COVID-19 continues to threaten the world, these types of attacks are expected to persist, according to cyber threat intelligence provider Check Point Research. In a report released Tuesday titled Securing the 'next normal', Check Point discussed its 2021 predictions in the face of the pandemic.

After years of complaints about over-permissioned apps that collect, use and share private user information, Apple will be making developer privacy policies more transparent for consumers. Starting Dec. 8, iOS and macOS developers will be required to provide detailed information about how their apps collect information, which data they collect and what it will be used for, according to an Apple post on its developer support page.

Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. "This is ridiculous and looks like a big fat lie," reads the Facebook ad campaign from the Ragnar crime group.

A British infosec outfit spotted a privilege escalation vulnerability in EA Games' Origin client after discovering the software was hunting for an absent DLL file when users opened it. Nettitude found the priv-esc after researcher Tom Wilson fired up Origin and ran Process Monitor over it to see what Origin was calling when it ran.