5 building blocks of a well-developed security culture
2020-12-14 22:23

A defined security culture is helping the financial industry, though the fundamentals should apply to any business. To combat the human weak link, Javvad Malik, security awareness advocate at KnowBe4, in his Global Banking & Finance Review commentary The Psychology Behind a Strong Security Culture in the Financial Sector, suggests that business leaders try a new strategy: Develop a security culture within their organization.

Spotify Changes Passwords After Another Data Breach
2020-12-14 20:45

Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including email addresses, preferred display names, passwords, gender and dates of birth. "A very small subset of Spotify users was impacted by a software bug, which has now been fixed and addressed," a statement from a Spotify spokesperson to Threatpost read. "Protecting our users' privacy and maintaining their trust are top priorities at Spotify. To address this issue, we issued a password reset to impacted users. We take these obligations extremely seriously."

Apple’s App Stores Open New Privacy Window for Customers
2020-12-14 20:25

Apple has begun spelling out what kinds of personal information are being collected by the digital services displayed in its app stores for iPhones and other products made by the trendsetting company. Apple announced the changes were coming six months ago as part of an effort to help its customers gain a better understanding of how apps monitor their habits, tastes and whereabouts.

Ransomware masterminds claim to have nabbed 53GB of data from Intel's Habana Labs
2020-12-14 20:24

The Pay2Key ransomware group on Sunday posted what appear to be details of internal files obtained from Habana Labs, an Israel-based chip startup acquired a year ago by Intel. The hacking group, which has been linked to Iranians by security firm Check Point, published a screenshot of source code credited to Habana Labs via Twitter, alongside a link to a Tor Browser-accessible.

Critical Golang XML parser bugs can cause SAML authentication bypass
2020-12-14 20:23

This week, Mattermost, in coordination with Golang, has disclosed 3 critical vulnerabilities within Go language's XML parser. The XML round-trip vulnerabilities listed below lurk in Golang's XML language parser encoding/xml, which doesn't return reliable results when encoding and decoding XML input.

Should There Be Limits on Persuasive Technologies?
2020-12-14 20:03

It is important not to overstate the effectiveness of persuasive technologies. There are few legal or even moral limits on persuasion - and few answers regarding the effectiveness of such technologies.

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts
2020-12-14 19:50

A man has been sentenced to two years in jail after being convicted of hacking Cisco's Webex collaboration platform in an insider-threat case brought to the U.S. District Court in California. As a result, 16,000 WebEx Teams accounts were shut down for up to two weeks, and the incident cost Cisco about $1.4 million in remediation costs, including refunding $1 million to affected customers, according to a court announcement.

Upcoming Speaking Engagements
2020-12-14 19:39

This is a current list of where and when I am scheduled to speak: I’m speaking (online) at Western Washington University on January 20, 2021. Details to come. I’ll be speaking at an Informa event...

SolarWinds Says 18,000 Customers May Have Used Compromised Orion Product
2020-12-14 19:28

SolarWinds' investigation into the recent attacks that leveraged its products to target government and private sector organizations revealed that 18,000 customers may have used the compromised products, the company said in a filing with the Securities and Exchange Commission on Monday. The vendor says the attacker could have exploited the introduced vulnerability to compromise the server running the Orion product.

Apple Patches Code Execution Flaws in iOS and iPadOS
2020-12-14 19:23

Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities. The iOS 14.3 and iPadOS 14.3 release will provide cover for 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks.