Security News > 2020

UK 'to Decide on Huawei 5G Next Week'
2020-01-24 14:39

Britain is expected to announce next week whether to allow China's Huawei to develop its 5G network, an official said on Friday, setting out reasons for agreeing despite US opposition. There had been speculation that Britain would allow Huawei into "non-core" elements of the next-generation 5G mobile networks, such as antennae and base stations attached to masts and roofs.

Technical Report of the Bezos Phone Hack
2020-01-24 14:34

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

The Bezos Phone Hack: Narrative Framed by Loose Facts
2020-01-24 14:33

A forensic investigation commissioned by Bezos claims to have uncovered the May 2018 hack attack. Bin Salman sent Bezos a large video file on May 1, 2018, which FTI describes as "arriving unexpectedly and without explanation," as if people routinely warn their friends that they're about to send a video attachment.

Citrix Releases More Patches for Exploited Flaw, Tool to Detect Compromise
2020-01-24 14:31

Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye for a tool that tells users if their systems have been compromised via the security flaw. The vulnerability, disclosed in December 2019, impacts Citrix Application Delivery Controller and Gateway, and two older versions of SD-WAN WANOP. Following the public release of PoC exploits earlier this month, attackers started targeting vulnerable deployments - there are tens of thousands of vulnerable systems out there.

Fake Smart Factory Honeypot Highlights New Attack Threats
2020-01-24 14:29

A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats - including cryptomining malware and ransomware - in just a few months, highlighting the new threats that industrial control systems face with increased exposure to the internet. To further study these threats, researchers with Trend Micro simulated the fake smart factory system last year in what they called "our most realistic honeypot to date," according to their report.

MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers
2020-01-24 13:09

Researchers have discovered six critical and high-risk vulnerabilities - collectively dubbed MDhex - affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacker to make changes at the device's OS level that may render the device unusable or interfere with its function, make changes to alarm settings on connected patient monitors, and utilize services used for remote viewing and control of multiple devices on the network to access the clinical user interface and make changes to device settings and alarm limits, which could lead to missed, unnecessary, or silenced alarms.

Researchers Earn $280,000 for Hacking Industrial Systems at Pwn2Own Miami
2020-01-24 13:03

Researchers who took part this week in the Zero Day Initiative's Pwn2Own Miami hacking competition have earned a total of $280,000 for exploits targeting industrial control systems and associated protocols. The teams and individuals who signed up for the hacking contest were Incite Team, Flashback Team, Claroty Research, Ben McBride, Fabius Artrel, Michael Stepankin, Lucas Georges, and a nameless team comprising Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi from the Horst Goertz Institute for IT-Security in Germany.

Protestors petition equity firm over .org buyout
2020-01-24 11:48

People worried about the .org top-level domain will be there protesting its sale to a private equity firm. They'll be handing over a petition signed by over 21,000 people to the Internet Corporation for Assigned Names and Numbers.

9th Methbot suspect arrested in massive clickfraud ring
2020-01-24 10:57

New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. As the affidavit describes, between September 2014 and December 2016, Denisoff's alleged part was to operate an advertising network that purported to place ads on real webpages seen by real, human visitors.

Privacy watchdog throws wider net to protect children online
2020-01-24 10:09

Online services could help to prevent that and other types of harm that are befalling kids, but they aren't doing enough, the UK's data watchdog says. On Tuesday, the ICO published a code to ensure that online companies do just that - protect kids from harm, be it showing kids suicidal content, grooming by predators, illegal collection and profiteering off of children's data, or all the "smart" toys and gadgets that enable children's locations to be tracked and for creeps to eavesdrop on them.