Security News > 2020

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party. The company owns 10 global cruise line brands and a tour company, has a fleet of 102 ships visiting more than 700 ports around the world, and employs over 120,000 people.

A study of texting habits has found that 68% of businesses are now communicating with customers via text-and that number will likely increase. The bottom line, said Zipwhip CEO John Lauer, is that businesses need to accept that customers want to text them instead of calling.

Cisco Webex Player is also affected, which used to play back Webex Recording Format files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing. While Cisco did not detail the technicalities of the vulnerabilities, it said that "An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system," according to Cisco in a Wednesday advisory.

Cisco Webex Player is also affected, which used to play back Webex Recording Format files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing. While Cisco did not detail the technicalities of the vulnerabilities, it said that "An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system," according to Cisco in a Wednesday advisory.

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday. According to Positive Technologies, CVE-2019-0090 is an unfixable vulnerability that affects the Converged Security and Management Engine boot ROM on most Intel chipsets and system on chips, except for Ice Point chipsets.

It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years. Buried deep inside modern Intel chipsets is what's called the Management Engine, or these days, the Converged Security and Manageability Engine.

Cyber criminals have been trying out a new approach for delivering malware: fake alerts about outdated security certificates, complete with an "Install" button pointing to the malware. The malware peddlers behind this scheme are obviously counting on users not knowing exactly what a security certificate is and that they are not responsible for keeping it updated, as well as exploiting users' desire to keep themselves safe online.

On Tuesday, multiple reports suggested that Facebook has decided not to support its Libra virtual currency in its own products and will instead offer users the ability to make payments with government-issued currencies, or that the platform and its partners are weighing whether they should recast it as mostly a payments network that could operate with multiple coins. According to a report from The Information that cited three sources, Facebook has been mulling offering digital versions of currencies such as the US dollar and the euro, in addition to its proposed Libra token.

Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. Bad Packets told SecurityWeek on Wednesday that the scanning activity they have detected is designed to enumerate vulnerable servers by checking for the path "/WEB-INF/web.

Pandemic disease experts at the World Health Organization, the US Centers for Disease Control and Prevention, and other public-health agencies are gathering information to learn how and where the virus is spreading. States hostile to the West have a long track record of manipulating information about health issues to sow distrust.