Security News > 2020

Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet. The company did not provide specific information on the number of impacted users, but Troy Hunt, founder of data breach notification service Have I Been Pwned, says that 858,000 unique email addresses were compromised in the data breach.

Millions of people are eagerly anticipating this summer's Olympic Games in Tokyo-and so are cyberattackers. "Events like the Olympics serve as an amplifier for cybercrime," said Emily Wilson, vice president of research at Terbium Labs.

New Mexico is suing Google, alleging the company violates federal child privacy law by collecting personal data of students younger than age 13 without their parents' consent. In a lawsuit filed Thursday in federal court, New Mexico alleges that Google collects from children their physical locations, browsing histories including YouTube videos, search terms, personal contact lists, voice recordings, saved passwords and behavioral data.

Cisco on Monday unveiled SecureX, a new cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. SecureX, expected to become generally available in June, will unify visibility across an organization's security portfolio, including Cisco and third-party solutions.

Implementing the concept of "Privacy design" requires a series of critical steps, says Heikki Tolvanen, chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm, who offers insights on mistakes to avoid. "You just have to keep in mind all the different privacy requirements. For example, under GDPR, we have a lot of different requirements applying to IT systems for processes. ... So when you are designing something, you must ensure that all of those are implemented in whatever you are designing," he says.

Hackers have compromised the Department of Defense agency in charge of securing and managing communications for the White House, leaking personally identifiable information of employees and leading to concerns over the safety of the communications of top-level U.S. officials in the run-up to the 2020 presidential election. Reuters first reported the data breach at the Defense Information Systems Agency, part of the DoD, on Friday, citing letters seen by the news outlet that were sent to people allegedly affected by the breach.

An enhancement to CyberArk Endpoint Privilege Manager, the new deception feature enables defenders to quickly detect and proactively shut down in-progress attacks. New research from CyberArk Labs examines characteristics and patterns of emerging credential stealing malware families, like Raccoon, which can give attackers the ability to steal secrets from more than 60 different application types.

KidsGuard comes from a company called ClevGuard that promises that its "Excellent products" will deliver "All the information" from a targeted device, including real-time location, text messages, browser history, photos, videos, recordings of phone calls, keylogger data for every keystroke entered and the app where it came from, and all the data from all the social apps - hopping over the end-to-end encryption of, for example, WhatsApp. ClevGuard says the app can also be used for iPhones without access to the device if you give it the target's iCloud credentials.

Samsung has admitted that what it calls a "Small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them.

Honeywell has released patches for a couple of potentially serious vulnerabilities affecting a web server used by its Notifier fire alarm systems. With this information at hand, the attacker can gain full access to the fire alarm system.