Security News > 2020

Facebook has agreed to pay $550 million to settle a class action lawsuit alleging the company violated Illinois law in collecting data for a facial recognition tool without users' consent. The settlement - revealed by company executives during a Wednesday earnings call - came after Facebook failed this month in its efforts to get the U.S. Supreme court to throw out the lawsuit.

The U.S. Department of the Interior this week announced that it has temporarily grounded all drone operations, except for emergencies, citing concerns over national security and cybersecurity. The department's order does not specifically mention threats posed by Chinese-made drones, but Gizmodo reports all of the Interior Department's drones are either made in China or are produced with Chinese parts.

ImmuniWeb decided to look into airport cybersecurity after the topic was highlighted during the 2020 World Economic Forum. In its own report, released on January 22, the WEF called for airports to address emerging cybersecurity challenges.

Microsoft on Thursday announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution vulnerabilities. The company is hoping to receive reports describing XSS, CSRF, IDOR, insecure deserialization, injection, server-side code execution, security misconfigurations, and the use of components with known vulnerabilities.

A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations, cybersecurity firm Intezer reveals. Specifically, Intezer's security researchers discovered a phishing document masquerading as an employee satisfaction survey tailored to Westat employees.

A recent spate of malicious, botnet-driven emails is using the coronavirus as a theme, according to telemetry from IBM X-Force and Kaspersky. "Previously, Japanese Emotet emails have been focused on corporate style payment notifications and invoices, following a similar strategy as emails targeting European victims," said the firm.

Beyond these high-profile instances, various journalists and human rights activists have been targeted globally after a WhatsApp zero-day vulnerability was exploited by attackers who were able to inject spyware onto victims' phones. Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities - the researcher at Black Hat 2019 demoed several flaws in the messaging platform could be used to manipulate chats, for instance.

Unstructured documents - especially those that have been given wrong or no sensitivity classification - are among the most difficult assets for any enterprise to track and secure. In a separate report published January 29, 2020, Concentric provides the result of analyzing 26 million unstructured documents from companies in the technology, financial and healthcare sectors.

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. "An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device," Cisco wrote.