Security News > 2020

When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

The intellectual property, including research results, of biotechnology companies and other medical organizations is also increasingly a target for hackers, who sometimes dump data on hacker forums or public websites. While GBG did not identify the "Member company" impacted by the attack, media outlet Bleeping Computer on Jan. 23 reported that Medical Diagnostics Laboratory - a unit of GBG - was a victim of a Dec. 2, 2019, Maze ransomware attack that resulted in the dumping of more than 9 Gbytes of research related data on the Maze Team website.

Mozilla offers users a service that will send alerts for account breaches associated with email addresses. The service compares any email address you setup to monitor against known data breaches and reports back if any of those breaches has exposed your info and how many of your passwords have been compromised across the breaches.

YouTube is the latest social media firm to adjust its policies as the 2020 U.S. presidential election gets underway. On Monday, the company announced plans to remove misleading political content and other disinformation from its platform.

Mozilla offers users a service that will send alerts for account breaches associated with email addresses. Find out how to use Firefox Monitor.

Almost half of security professionals don't know where or how to use Zero Trust policies in a hybrid IT environment, says a survey commissioned by security provider Pulse Secure. The report found that confidence levels around the implementation of Zero Trust are about split down the middle.

Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google's February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data.

SEE: Iowa caucus app fiasco: How it happened and lessons learned. "Inevitably, the cost of this misstep is considerably greater since damage control and ultimately training staff properly is required, as well demonstrated with the app rollout in Iowa caucuses," Jones said.

A 21-year-old California man has pleaded guilty to repeatedly hacking gaming company Nintendo over three years to access servers and steal confidential data, including details on hardware, games and developer tools, according to the U.S. Justice Department. In 2017, FBI agents confronted Hernandez at his parents' home, and he agreed to stop hacking Nintendo in exchange for federal authorities not pressing charges, according to court documents.

The medical device giant said in an advisory last week that at issue is the proprietary Medtronic Conexus radio frequency wireless telemetry protocol that the devices use for remote monitoring of a patient's implanted cardiac device. While most of the affected products are still awaiting fixes, Medtronic has now issued patches for all models of the Brava and Viva lines of CRT-D devices; and bugs in the Evera, Evera MRI, Mirro MRI and Primo MRI lines of ICDs.