Ashley Madison: The Impact of Some Data Breaches Is Forever
2020-02-03 14:03

For individuals whose personal details were exposed, the impact of a data breach may last forever. Witness the 2015 data breach of extramarital dating site Ashley Madison, perpetrated by a group calling itself the Impact Team, which leaked 30 GB of data about subscribers.

iCloud hacker perv cops nearly 3 years in jail for stealing and sharing people's private, intimate pics
2020-02-03 13:45

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly three years. Tony Spencer of Victoria Hill, Eye, Suffolk, was found by Basildon Crown Court to have "accessed iCloud accounts without the owners' consent" by using "software", according to a police statement.

iCloud hacker perv cops 4 years in jail for stealing and sharing people's private, intimate pics
2020-02-03 13:45

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly three years. Tony Spencer of Victoria Hill, Eye, Suffolk, was found by Basildon Crown Court to have "accessed iCloud accounts without the owners' consent" by using "software", according to a police statement.

Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit
2020-02-03 13:32

An update announced last week by Trend Micro for its Anti-Threat Toolkit addresses some additional attack methods related to a vulnerability initially patched in October 2019. Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely.

Apple proposes simple security upgrade for SMS 2FA codes
2020-02-03 12:54

Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.

Attacking Driverless Cars with Projected Images
2020-02-03 12:24

Abstract: The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems and autopilots of semi/fully autonomous cars from validating their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application of these attacks comes with a cost, the delicate exposure vs. application balance has held, and attacks of this kind have not yet been encountered in the wild.

FTC warns VoIP providers that help robocallers: we can and will sue
2020-02-03 12:21

December 2019: the FTC sued a VoIP service provider in FTC v. Educare, where it alleged that defendant Globex Telecom Inc. facilitated a bunch of telemarketers allegedly selling sham credit card interest rate reduction services. Three VoIPs allegedly provided autodialers used to place billions of illegal robocalls, as well as allegedly supplying the technology used by robocallers in at least eight prior FTC cases.

TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
2020-02-03 12:15

The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent user account control and deliver malware in recent samples of TrickBot, according to a report released last week.

Fraudsters posed as art dealer, bilked museum for millions
2020-02-03 11:26

"We got scammed!" said a London art dealer after business email compromise scammers inserted themselves into a months-long conversation about the sale of a £2.4 million John Constable painting, spoofing their emails to make it look like the messages came from Simon C. Dickinson Ltd. "No, we got scammed," said the Dutch museum Rijksmuseum Twenthe, which now has the work by the 19th century English landscape painter and whose money got whisked away by fraudsters who transferred the funds to a Hong Kong account. According to Claims Journal, lawyers for the two organizations have pointed fingers at each other's clients, telling a London High Court that it was the other guy's duty to maintain email security or to independently confirm that the bank details it received were legitimate.

Wuhan coronavirus exploited to deliver malware, phishing, hoaxes
2020-02-03 11:10

The Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails. IBM X-Force says that Japanese users have been receiving fake notifications about the coronavirus spreading in several prefectures, purportedly sent by a disability welfare service provider and a public health center.