Security News > 2020

An improvement over the Secure Sockets Layer protocol, TLS is meant to improve the security of the Web, but flaws and weaknesses in older iterations, specifically TLS 1.0 and TLS 1.1, render connections vulnerable to attacks such as BEAST, CRIME and POODLE. The newer TLS 1.2 and TLS 1.3 versions are both faster and safer, and major browser vendors have already laid out plans to deprecate the older releases to ensure the security of their users. Mozilla has already introduced the change in Firefox Beta 73, in which the minimum TLS version allowable by default is TLS 1.2.

Israel's entire voter registration database - comprising close to 6.5 million people - was exposed to the internet because of an elementary coding flaw in an election application, according to an Israeli developer. Bar-Zik, who was tipped off to the vulnerability by a source, also wrote a separate blog post describing the coding error.

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

Attacks targeting operational technology infrastructure increased by over 2000 percent in 2019 compared to the previous year, and the piece of malware most commonly seen in these attacks was the Mirai variant named Echobot, IBM revealed on Tuesday. Based on data derived from network event logs, IBM saw an increase of over 2000 percent in attacks targeting industrial control systems and other OT assets compared to 2018.

The man arrested for running what was once believed to be the largest child abuse hosting provider on the dark web, has pleaded guilty in a US court to the charge of advertising child pornography. The defendant's anonymous web service hosted dozens of insidious criminal communities dedicated to the sexual exploitation of children and spread millions of images of that abuse.

The officials gathered for the China Initiative Conference, an event that explored Chinese intellectual property transgressions. China engages in a broad spectrum of trade theft activity, including not just hacking but also physical theft, inappropriate use of materials licensed from joint ventures, and information fed to it by insiders working at western companies, they said.

The US Justice Department on Monday accused the hackers of stealing the sensitive personal information of some 145 million Americans, in one of the world's largest-ever data breaches. Since then hotels giant Marriott lost data on some 500 million global customers to hackers believed to be Chinese.

The X-Force Threat Intelligence Index 2020 found that hackers are targeting manufacturing plants, making banking trojans more sophisticated, and spoofing tech brands to make phishing schemes successful. IBM Security releases the IBM X-Force Threat Intelligence Index annually, summarizing the most prominent threats identified by research teams.

Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company's Twitter accounts from attackers that had defaced them. Well even Facebook is hackable but at least their security better than Twitter.

Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks.