
UN hacked via unpatched SharePoint server
2020-01-31 13:04

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "entire domain" was probably compromised by an attacker who was lurking on the UN's networks.

China's Winnti hackers (apparently): Forget the money, let's get political and start targeting Hong Kong students for protest info
2020-01-31 13:02

A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong. Researchers at security shop ESET say the Winnti Group, a hacking operation believed to be backed by the Chinese government, has begun targeting the networks and accounts of at least five universities in Hong Kong.

U.S. Department of Interior Grounding All Drones
2020-01-31 12:46

The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.

US Interior Dept extends drone grounding over foreign hacking fears
2020-01-31 12:39

Now can't be an easy time to be a professional drone pilot working for the US Department of the Interior. Until the issue is resolved, the only DOI drone flights allowed will be those connected to emergencies - monitoring wildfires and floods, both uses that underscore the importance of drones to the agency's work.

Researcher Finds Over 60 Vulnerabilities in Physical Security Systems
2020-01-31 12:32

A researcher has discovered more than 60 vulnerabilities across 20 physical security products, including critical flaws that can be exploited remotely to take complete control of a device. The DHS's Cybersecurity and Infrastructure Security Agency recently published an advisory to warn users of Honeywell's MAXPRO video management system and network video recorder products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.

Avast Stops Using Security Software to Track Browsing Data
2020-01-31 12:18

Facing intense criticism, anti-virus software maker Avast on Thursday said it will shut down Jumpshot, its data collecting side business. The Avast subsidiary has been funneling to marketers detailed internet browsing activity from the firm's security products and browser extensions.

Financial tech firms disagree on ban of customer data screen-scraping
2020-01-31 12:05

For years, financial technology companies have used screen-scraping to retrieve customers' financial data with their consent. As ZDNet reports, one of the calls for a ban came from Lisa Schutz, founding director of The Regtech Association and CEO of Verifier, who said that her company could use screen-scraping, but it's chosen not to.

A year after Bank of Valletta 'cyber heist', cuffs applied as cash-cleansing case continues
2020-01-31 12:04

Nearly a year after Malta's Bank of Valletta yanked itself from the internet amid a "cyber intrusion", Britain's National Crime Agency has made three arrests. In the hours after the funds arrived, cash withdrawals and card payments were made to the tune of £340k, with money spaffed over London stores such as Harrods and Selfridges, the NCA alleged.

Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program
2020-01-31 12:01

Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team, Chloé Brown, a Microsoft Security Response Center program manager, said in a blog post Thursday.

US Says EU Understands 5G Risks But Pushes on Huawei
2020-01-31 11:43

The United States on Thursday welcomed the European Union's new rules on fifth-generation internet but pressed them to go further after the bloc resisted Washington's pressure to ban China's Huawei directly. The European Union, setting guidelines that mirror those announced a day earlier by Britain, said Wednesday that countries should ban telecoms operators deemed to be a security risk.