Security News > 2020

SAN FRANCISCO - Cybercriminals are pushing boundaries in looking for new ways to cash in on the healthcare space - whether it is persuading desperate patients to download health information apps that actually infect their devices with malware, attacking hospitals with ransomware attacks or even selling patients fraudulent insurance or medicine on illicit online markets. Not only is the medical space a treasure trove of personal identifiable information collected from patients, but medical device manufacturers and hospitals lack basic security hygiene, experts say.

British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers. The head of the domestic spy agency, Sir Andrew Parker, demanded that companies such as Facebook compromise the security of their messaging products so spies could read off the contents of messages at will.

Now an app developer called Mysk has discovered pasteboard's dark side - malicious apps could exploit it to work out a user's location even when that user has locked down app location sharing. In the simplest scenario, an iPhone user would take a photo, copy it between apps using the pasteboard, from which a malicious app could extract location metadata while comparing it with timestamps to determine whether it was current or taken in the past.

Researchers have found a way to impersonate mobile devices on 4G and 5G mobile networks, and are calling on operators and standards bodies to fix the flaw that caused it. Research into the vulnerability, conducted by academics at Ruhr Universität Bochum and New York University Abu Dhabi, is called Impersonation Attacks in 4G Networks, although deployment requirements for 5G networks mean that it could work on those newer systems too.

New scanning capabilities that Google rolled out to Gmail have resulted in an increased overall detection rate of malicious documents. Of the detected malicious documents, 63% differ from day to day, and the Internet search giant has deployed a new generation of document scanners to improve its detection capabilities via deep learning.

Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker. The allure of businesses is clear: Attackers can demand more money, earning a bigger potential haul from any given attack, aided by a service economy designed to help them more easily turn a criminal profit via increasingly advanced attack tools, he says.

The security dynamics too often overlooked in the drive to become a cloud-first organization;. How organizations must reassess how they protect server environments;.

In a RSA 2020 simulation, the Red Team compromised email accounts, created deepfake videos and spread disinformation on Election Day in Adversaria. At RSA 2020, Cybereason assembled a group of journalists and other conference attendees to be the Red Team, in charge of creating just enough chaos to cause residents of the fictional city Adversaria to doubt the results of the election.

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday. Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing an attacker to decrypt some wireless network packets transmitted by affected devices.

California Attorney General Xavier Becerra recently issued modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy. The proposed regulations clarify, for example, that businesses are not obligated to search for personal information in response to a consumer's request if certain conditions are met, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.