Security News > 2020

Ireland's Data Protection Commission is launching an investigation into how Google uses customer data for its location services after the privacy watchdog received numerous complaints from consumer rights organizations across the European Union. The watchdog announced Tuesday that it has initiated an investigation into how Google's Ireland subsidiary, Google Ireland Limited, processes its customer location data and if the company is following rules and guidelines in accordance with the European Union's General Data Protection Regulation.

Sudo is included in macOS, but this option was not enabled when we tried it on our Catalina box. If sudo is installed and vulnerable, any user can trigger the vulnerability, even if not listed in the sudoers list of those with sudo privileges.

Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Of course, if you put in your email address or your password and click through, you'll be submitting the filled-in web form to the crooks.

Crooks almost certainly can't get hold of a server name that ends with, say, paypal DOT com, but can create any number of subdomains that start with paypal DOT and end with some unrelated domain. The suspicious-looking right-hand end of a full domain name often ends up invisible on a mobile phone because it won't fit in the address bar.

Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."

The study [PDF] shows that nearly all councils across the UK exposed data about visitors to their websites, which was then sold on to private companies. These elements enable users to be tracked around the web, scraping together whatever information it can, such as what websites and apps they're looking at, their location and their device.

Australian transportation and logistics firm Toll Group has confirmed that it sustained a ransomware attack earlier this month that forced to company to shut down several systems and led to delays in deliveries across the country. While Toll Group continues to recover from the ransomware attack that started Jan. 31, the firm has now deliberately shut down several systems, including customer-facing applications, as a precautionary measure to ensure that the malware does not spread, according to a statement released Tuesday.

Reston, VA-based Leidos Holdings has announced a definitive agreement to buy the airport security and automation businesses from UK-based L3Harris for $1 billion in cash. "The agreement provides a stable path forward for the Security & Detection Systems and MacDonald Humfrey Automation businesses, while enabling L3Harris to focus its resources on core technologies," said William Brown, chairman and CEO at L3Harris.

Tens of millions of Cisco devices deployed in enterprise environments are exposed to attacks due to vulnerabilities identified by researchers in a proprietary discovery protocol they all use. The problematic protocol is the Cisco Discovery Protocol, a Layer 2 network protocol used to obtain information about Cisco devices present on the local network.

Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol, the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Every device, Cisco device, sends packets from time to time saying, 'Hi, my IP address is this, My name is this, my operating system is this' and all kinds of information and they collect the Cisco devices' information about one another, about their neighbors.