Security News > 2020

Security researchers at the Massachusetts Institute of Technology have published a technical paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 U.S. midterm elections. In their paper, the MIT researchers note that they were unable to obtain complete information about how Voatz engineers developed the company's voting application, nor were they able to access the full backend of the company's infrastructure to investigate how the app checks and verifies identity.

This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce...

Puerto Rico's government said Friday that it suspended three employees as federal agents investigate an online scam that attempted to steal more than $4 million from the U.S. territory. Manuel Laboy, executive director of Puerto Rico's Industrial Development Company, said rigorous procedures were not followed when the agency received an email alleging a change in banking accounts that prompted someone to transfer more than $2.6 million to a fraudulent account in the U.S. mainland last month.

Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place. Federal officials charged that Liberty Reserve facilitated a "Broad range of criminal activity, including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking." The government says from 2006 until the service's takedown, Liberty Reserve processed an estimated 55 million financial transactions worth more than $6 billion, with more than 600,000 accounts associated with users in the United States alone.

A malicious email campaign aimed at iPhone owners is making the rounds this week, using a bouquet of different themes to scam victims, just in time for Valentine's Day - including a fake dating app. Once the email body is clicked, the victim is taken on "a seemingly endless redirect loop," until neuropathy is left far behind, and the victim lands on what purports to be a dating app for Apple's iPhone.

The U.S. Justice Department has filed new charges against Huawei and several of its subsidiaries, plus its CFO, accusing them of racketeering and engaging in a conspiracy to steal trade secrets from American companies. The new 16-count indictment unsealed Thursday accuses Huawei and four subsidiaries - Huawei Devices, Huawei USA, Futurewei and Skycom - of engaging in a criminal conspiracy to "Misappropriate intellectual property, including from six U.S. technology companies, in an effort to grow and operate Huawei's business."

Nine of the ten bugs can so far only be exploited to force an affected device either to reboot or to hang; only one can potentially be abused by crooks to access your device without needing you to let them pair with it first. The other bugs are somewhat milder - at the moment, all the researchers have been able to do with them is reboot or freeze a device.

A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June and last month.

Facebook has delayed the rollout of its dating service across the EU, following a Monday "Dawn raid" by Irish privacy investigators. The Irish Data Protection Commission, which takes the lead on all General Data Protection Regulation probes of Facebook, says it was informed on Feb. 3 by the social network of its plan to introduce its dating service in the EU. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out ," the DPC says in a statement.

Cybercriminals were already using convincing but fake emails from the WHO, CDC and Japanese government to trick people into downloading PDF, MP4 and Microsoft Word DOCX files. The shipping and manufacturing industry have taken massive hits because of the quarantines in China, and cybercriminals have sought to exploit that by bombarding companies with malware, spam and fake emails with links to sites like Office 365, Adobe and DocuSign hoping to steal emails and passwords.