Security News > 2020

The lawsuit - one of more than 400 filed against tech companies big and small in the past five years, by one law firm's count - alleges that Facebook broke Illinois' strict biometric privacy law that allows people to sue companies that fail to get consent before harvesting consumers' data, including through facial and fingerprint scanning. "We're going to see a lot of constituents saying, 'Why not me?'" said Jay Edelson, a Chicago attorney whose firm first sued Facebook for allegedly breaking Illinois' law.

If you don't follow these Kubernetes deployments security best practices from Portshift, your containers, their underlying technologies, and your data could be at risk. Portshift recently released a best practices list for tackling the security issues surrounding the K8s platform.

Several law firms are racing to be among the first to file class action lawsuits against PIH Health in the wake of the California-based regional healthcare network reporting last month that a 2019 phishing breach affected nearly 200,000 individuals. Since Jan. 30, at least three law firms have issued public statements announcing they are "Investigating" the data breach reported on Jan. 10 by PIH Health and inviting victims of the incident to contact the firms with information about the impact.

Specifically, they're updating the Windows kernel in-memory with the Gigabyte driver, according to the research - and the kernel accepts it as a "Patch" thanks to the signed certificate. Once that's loaded, they can then exploit that driver using the known vulnerability in order to load their own, unsigned, malicious driver.

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data - even going so far as to ask for social security numbers and uploaded photos of their passports. Some parts of the phishing email make strange use of exclamation points - For instance, the top of the email says "PayPal Notifications Center !" and the phishing link button reads, "Secure and update my account now !".

Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data. The case is the latest Justice Department accusation against Chinese hackers suspected of breaching networks of American corporations.

Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 - and plans to eventually block those weak HTTPS connections entirely. Web servers should really be using TLS 1.2 or 1.3 for their encrypted and secure HTTPS connections.

Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports. Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag.

"An overwhelming number of submissions started with a focus on human impact as a means of offering insight on how to better leverage common frameworks, inform decision makers in risk management, mitigate new and emerging threats and build a productive, security-centric culture," write Britta Glade, the RSA Conference's director of content and curation, and Kacy Zurkus, content strategist, in a report. Designing, developing and maintaining secure products: For the first time, organizers have added tracks dedicated to product security and open source tools, reflecting their receiving "More deep-dive technical submissions focused on secure product development than ever before," covering topics ranging from user interface design and artificial intelligence to privacy and security operations centers.