Security News > 2020

Computers become temporary; user backup becomes irrelevant. The general-purpose computer is dying and being replaced by special-purpose devices.

In an attempt to improve the security of its users, the Chrome browser will soon start blocking insecure downloads on HTTPS pages, Google announced. The announcement comes just days after the release of Chrome 80, which by default blocks mixed audio and video resources if they cannot be automatically upgraded to HTTPS. The same will happen with image files in Chrome 81, which is expected to be released to the stable channel in March 2020.

Three of the world's largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign.

U.S. Attorney General William Barr says the United States and its allies should take a "Controlling stake" in Huawei's chief competitors, Findland's Nokia and Sweden's Ericsson, to help make them more viable and improve the security of emerging 5G networks. Speaking at a conference in Washington Thursday organized by the Center for Strategic and International Studies, Barr said that China's unchecked dominance in producing technologies to support 5G networks could pose a "Monumental danger" to U.S. national security.

More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller and Gateway, have already taken steps to secure their deployments. The security bug impacts multiple versions of Citrix ADC and Gateway, but Citrix has already released permanent patches for all of them, as attacks started to ramp up.

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. With Chrome 68's 2018 release, Google started to label HTTP websites with an "Insecure" warning label in the navigation bar.

Crooks such as the gang behind the Cryptolocker ransomware were able to make millions, perhaps even hundreds of millions, of dollars by infecting hundreds of thousands of users and businesses, and then demanding $300 a time to unlock each user's files. System services often keep critical files in permanent use, meaning that they can't easily be deleted or modified, which stops the crooks from scrambling them in a ransomware attack.

British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed. On top of that, the supersonic stealth jet project's move towards Agile methodology for "Minimum viable product"-phased development of critical flight and weapons software every six months is a "High risk" strategy, according to DOTE. The F-35B fleet worldwide needs to rack up 75,000 flight hours before DOTE thinks it has gathered enough data to meet the contract spec.

During the Brexit transition period, "It will be business as usual for data protection," which means mandatory compliance with the EU's General Data Protection Regulation remains in effect, the U.K. Information Commissioner's Office said in a Jan. 29 blog post. What happens after the transition period is over? From a privacy standpoint, that remains the million-dollar - or rather, pounds-sterling - question, and "Depends on negotiations during the transition period," as noted in a Brexit FAQ issued by the ICO. Odds are good that after 2020, U.K. organizations will have to continue to comply with GDPR. Otherwise, they could be shut out of easy trading with the EU, leaving Britain at a competitive disadvantage.

Employees who create external accounts but use them internally pose a risk to your security, says password manager company 1Password. The IT professionals at your organization likely put a lot of effort into making sure your internal accounts, logins, passwords, and systems are secure and protected.