Google Sets Record High in Bug-Bounty Payouts
2020-01-29 19:56

Google paid out $6.5 million in bug-bounty rewards in 2019, which doubles the internet behemoth's previous annual top total. Requested quarry includes apps that violate Google Play, Google API and Google Chrome Web Store Extension privacy policies.

Sprint Exposed Customer Support Site to Web
2020-01-29 19:02

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called "Social Care" was being indexed by search engines, and that several months' worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.

Data Privacy: Top trends to watch in 2020
2020-01-29 18:33

Scott Matteson: How do policymakers and enterprises around the world view data privacy in 2020? What trends should we be looking out for?

Rina Shainski: Our right to personal privacy, specifically our data privacy, has become an increasingly important issue, driven by the realization that the growing abundance of data doesn't "shield" individuals anymore. Privacy enhancing technologies represent a new, emerging category of technologies, and are increasingly being used to protect data privacy while enabling data use.

Apple patches critical bugs on iPhone and Mac – update now!
2020-01-29 17:39

Apple has just announced its latest round of security updates. There are plenty of critical holes patched in this raft of updates - so we strongly advise you to patch right away, before anyone figures out how to abuse these newly-documented holes for fun or profit.

EU Stops Short of Recommending Ban on China’s Huawei
2020-01-29 16:54

LONDON - The European Union unveiled security guidelines for next generation high-speed wireless networks that stop short of calling for a ban on Huawei, in the latest setback for the U.S. campaign against the Chinese tech company. No companies were mentioned by name but the term "high risk" supplier was an obvious reference to Huawei, the world's top maker of telecom infrastructure equipment such as routers, switches and antennas - the hidden plumbing through which wireless companies' internet data traffic flows.

Serious Vulnerability Discovered in OpenSMTPD
2020-01-29 16:26

Researchers at cybersecurity firm Qualys have identified a potentially serious vulnerability in OpenSMTPD that can allow remote command execution with elevated privileges. OpenSMTPD is the OpenBSD Project's free and open source implementation of the Simple Mail Transfer Protocol.

Investment in Privacy Pays Cybersecurity Dividends: Cisco
2020-01-29 16:20

Cisco's 2020 Data Privacy Benchmark Study attempts to quantify an often-repeated claim from cybersecurity experts: investment in privacy improves overall cybersecurity. This year, Cisco wanted to examine what other benefits investment in privacy might bring and, more specifically, whether a dollar figure could be applied as an ROI. It queried 2,800 companies from 13 countries in a double-blind survey and found that an investment of $100 brings $270 in cybersecurity benefits.

Magento 2.3.4 Patches Critical Code Execution Vulnerabilities
2020-01-29 15:46

Magento 2.3.4 was released this week with patches for six vulnerabilities, including three that are considered critical. Another critical flaw that could allow for the execution of arbitrary code is CVE-2020-3718, which Adobe describes as a security bypass issue.

NY Times Reporter Targeted by Spyware: Report
2020-01-29 15:33

A New York Times reporter apparently was targeted with spyware developed by the NSO Group as part of a campaign that may be linked to a Saudi Arabia group, which has previously been accused of hacking attempts against dissidents, journalists and human rights lawyers, according to the think tank Citizen Lab. The spyware used against the Times reporter likely was Israel-based NSO Group's Pegasus, which has been used by governments around the world to target journalists, activists and protestors, according to the new Citizen Lab report.