Security News > 2020

Trump Threatens Intelligence Block Over Huawei: US Diplomat
2020-02-17 19:19

The United States' ambassador to Germany said Sunday that President Donald Trump had threatened to cut off intelligence-sharing with countries that dealt with Chinese tech firm Huawei. Washington has been pressing allies to ban Huawei, one of the world's largest tech firms, from next-generation 5G mobile data networks, saying it is a security risk.

Tutanota cries 'censorship!' after secure email biz blocked – for real this time – in Russia
2020-02-17 18:00

Fresh from last week's controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services. In a statement announcing the block, Tutanota co-founder Matthias Pfau lamented the spread of "censorship" online.

Google Removes 500 Chrome Extensions Tied to Malvertising
2020-02-17 17:33

Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. In a message informing the researchers that it had removed the extensions, Google noted that it "regularly sweeps to find extensions using similar techniques, code and behaviors and take down those extensions if they violate our policies."

How to report a phishing or spam email to Microsoft
2020-02-17 17:26

Another option is to report the email to Microsoft for analysis via the Outlook add-in called Report Message or a specific Microsoft address. You can use the process to report a "false negative," meaning a spam message that should have been identified as spam but was not.

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
2020-02-17 17:18

FIDO protocol-based hardware security devices are stronger, fool-proof mechanisms for authentication because they enable public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types 'ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin
2020-02-17 15:44

A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website's database and gain administrator access to the site. ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes.

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
2020-02-17 15:10

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide, a few of which, worryingly, haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits used by multiple systems-on-a-chip have implemented Bluetooth Low Energy wireless communication technology, powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.

Iranian Hackers Exploited Enterprise VPN Flaws in Major Campaign
2020-02-17 14:53

Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide, and their attacks involved some of the enterprise VPN vulnerabilities disclosed last year, ClearSky reports. Since 2017, the two groups likely collaborated as part of an offensive campaign targeted at numerous companies and organizations from the IT, telecommunications, oil and gas, aviation, government, and security sectors around the world, ClearSky says in a new report.

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom
2020-02-17 14:46

A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites. The bug in Profile Builder was given a CVSS score of 10.0 by WordPress security biz Wordfence, though precise details of the bug are not yet available on the usual CVE-tracking websites.

Pay Up, Or We’ll Make Google Ban Your Ads
2020-02-17 14:13

In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense account for suspicious traffic. The message goes on to warn that while the targeted site's ad revenue will be briefly increased, "AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent."