Security News > 2020

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.

Google has announced a timetable for phasing out insecure file downloads in the Chrome browser, starting with desktop version 81 due out next month. Known in jargon as 'mixed content downloads', these are files such as software executables, documents and media files offered from secure HTTPS websites over insecure HTTP connections.

We urge you to recognize and accept that an increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make. The NSPCC said in December 2019 that police in the UK recorded over 4,000 instances - an average of 11 per day - where Facebook apps were used in child abuse image and online child sexual offenses during the prior year.

Russia is still using social media in a sustained campaign to dabble in US affairs, according to FBI director Chris Wray. Wray, speaking at a House Judiciary Hearing on FBI Oversight on Wednesday 5 February, said that Russia is still engaged in an "Information warfare" campaign against the US, according to a report by the Associated Press.

A group of hackers called OurMine hijacked some of Facebook's official Twitter and Instagram accounts over the weekend through a third-party social media management service. The hackers briefly hijacked the Twitter accounts of Facebook and its Messenger application, and the Instagram accounts of Facebook and Facebook Messenger.

If you visit the website of renowned Canadian novelist Patrick deWitt today, you'll see a surprising message. The first instance of the cybersquatter's site shows up on the Wayback Machine on 10 November 2018.

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time. Latest Naked Security podcast News, straight to your inbox.

Canada's privacy commissioner is taking Facebook to court to try to force the social network to make changes to its privacy practices. The Office of the Privacy Commissioner of Canada has filed an application asking a federal court to declare that Facebook violated the country's privacy law over the Cambridge Analytica scandal.

DNS amplification was the most used technique for DDoS attackers in 2019 having been found in one-third of all attacks. The proportion of DDoS attacks that involved corrupted cloud servers was 45% between January and December; this is a 16% increase over the same time period the previous year.

The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In September 2017, credit reporting agency Equifax disclosed it had become a victim of a massive cyberattack that left highly sensitive data of nearly half of the U.S. population in the hands of hackers.