Security News > 2020

IBM has withdrawn as a sponsor for next week's RSA Conference 2020 as worries over the coronavirus outbreak continue. "We learned today that IBM has made the decision to no longer participate in RSA Conference 2020 as a Platinum Sponsor," RSA Conference organizers say in a statement.

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.

Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. While internet voting has been implemented in parts of the world, notably in Estonia, security is still a key concern, and that goes double for smartphone voting, say researchers.

Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz." Although there is no public formal description of Voatz's security model, the company claims that election security and integrity are maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user's device. We performed a clean-room reimplementation of Voatz's server and present an analysis of the election process as visible from the app itself.

Microsoft has decided to remove a couple of Windows security updates that address a UEFI issue after some users complained that the updates caused serious problems. Some users reported that their devices became unusable after trying to install the KB4524244 security update for Windows 10.

Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users. Depending on which way you look at it, that's either a good result because they're no longer free to infect users, or an example of how easy it is for malicious extensions to sneak on the Web Store and stay there for years without Google noticing.

Last week, a court forced Google to reveal the details of an anonymous poster who published a bad review of his business. According to the court judgement, the anonymous poster used the pseudonym CBsm 23 to publish a review on Google about a procedure they had undergone at Kabbabe's clinic.

The US needs a data protection agency of its own, and Kirsten Gillibrand wants to be the one that makes it happen. Virtually every other advanced economy has established an independent agency to address data protection challenges, and many other challenges of the digital age.

The US Department of Justice announced on Thursday that Larry Harmon, 36, of Akron, Ohio, has been indicted on three counts of allegedly running a Bitcoin mixer service called Helix from 2014 to 2017. Harmon's Helix bitcoin mixer allegedly moved at least 354,468 bitcoin on behalf of customers: a sum that was valued at over $300 million at the time of the transactions and which is now worth about USD $3.6 billion.

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time. Latest Naked Security podcast News, straight to your inbox.