Security News > 2020

An unsecured database belonging to a French technology firm that supplies video and digital equipment to plastic surgery and dermatology clinics exposed content on 900,000 patients, according to a report from two independent security researchers. The database belongs to French tech firm NextMotion, according to Noam Rotem and Ran Locar, self-described security researchers and hacktivists, according to their blog post on the site vpnMentor.

Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout. More than 3,900 mobile banking app users of several Canadian and American banks fell victim to the SMS phishing attacks, which started in June 2019 and apparently recently ended, researchers at Lookout say in their new report.

The new requirement comes after Ring faced a backlash in December following a rash of disturbing hacks and security issues tied to the smart doorbell. While Amazon-owned Ring offered 2FA as an option to customers before, now the second layer of verification will be mandatory to all users.

Consumers and employees are finally becoming more sensitive to the privacy of their data. Before US presidential news and the COVID-19 coronavirus took over the press, privacy was one of the major topics, with frequent questions around how much data the large social media companies should have, and what uses were appropriate for those data.

According to the analysis, Fox Kitten's objective has been to develop and maintain access routes to the targeted organizations, establishing persistent footholds within them; stealing information; and pivoting from within to additional targets via supply-chain attacks. The APT34 connection stems from the fact that part of the attack infrastructure used by the group in previous campaigns has been reused for Fox Kitten.

Unsigned firmware in WiFi adapters, USB hubs, trackpads, and other devices can be compromised by hackers, says enterprise firmware security company Eclypsium in a new report. A report released Tuesday by Eclypsium details the risks involved in using devices with unsigned firmware.

Today, nearly a quarter of malware communicates using TLS. The reason is simple: encryption obfuscates malware code, making it difficult to analyze; prevents users from accessing the component files in the event of an infection; and hides and secures the attackers' malicious network communication. In short, malware encryption makes it harder for traditional defenses to detect and mitigate that malware.

"The Human Element" is the theme of RSA Conference 2020, but there are plenty of technology-rich topics in store for attendees, including session tracks that focus on election security, open source tools, product security and anti-fraud. "Every year is a unique experience," Britta Glade, director of content and curation for the conference, says in an interview with Information Security Media Group.

For the second time within two months, Google has removed United Arab Emirates-developed messaging application ToTok from Google Play. At the end of December, the popular mobile application was removed from both the Google Play marketplace and Apple's App Store, after The New York Times reported that the UAE government was using it to spy on users.

More than 22,000 vulnerabilities were disclosed in 2019 and over one-third had an exploit or a proof-of-concept available, Risk Based Security revealed on Tuesday. The company's 2019 Year End Vulnerability QuickView Report shows that of the 22,316 new security holes 33% were rated high severity based on their CVSS score.