Security News > 2020

We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyer
2020-01-23 15:31

The Government Reviewer of Terrorism Laws has declared that safeguards protecting Britons from police workers demanding passwords for their devices must be watered down. In a speech delivered to conservative think tank the Henry Jackson Society yesterday, Jonathan Hall QC, the "Independent Reviewer of Terrorism Legislation"*, said section 49 of the Regulation of Investigatory Powers Act 2000 is too "difficult" for police and others to work with.

Data Security Startup Privafy Emerges From Stealth Mode
2020-01-23 14:07

Data security solutions provider Privafy has emerged from stealth mode with $22 million in funding, which it will use to scale product development. The Burlington, MA-based company, which was founded by Verizon and NXP Semiconductors executives, provides a cloud-native SaaS application that aims to secure data as it moves across locations, clouds, mobile, and Internet of Things devices.

IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781
2020-01-23 14:02

Citrix and FireEye have teamed up to provide sysadmins with an IoC scanner that shows whether a Citrix ADC, Gateway or SD-WAN WANOP appliance has been compromised via CVE-2019-19781. Though the number of vulnerable Citrix endpoints is declining rather quickly, we don't know how many have been compromised since the start of the attacks.

Looking for silver linings in the CVE-2020-0601 crypto vulnerability
2020-01-23 13:43

The vulnerability is undoubtedly very serious, but in the days since its disclosure I have started to wonder if there is a silver lining to this cloud. First, it appears this vulnerability only affects the latest editions of Windows, including Windows 10, Windows Server 2016, Windows Server 2019 and their derivatives.

Ooh, watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine
2020-01-23 13:30

Verizon has slung out a new, privacy-focused search engine in an effort to win over customers who prefer not to have their browsing habits tracked by ad-slingers and the like. Three years ago, it bought Yahoo! and two years before that, AOL, in a ham-fisted effort to woo millennials away from Facebook and Google - which it later rebranded as Oath and then the Verizon Media Group.

Iran-Linked RAT Used in Recent Attacks on European Energy Sector
2020-01-23 13:12

Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan previously associated with Iran-linked threat actors, Recorded Future reports. The researchers were able to identify a PupyRAT command and control server that communicated with a mail server for a European energy sector organization between November 2019 and at least January 5, 2020.

Mastercard Opens New Intelligence and Cyber Center in Vancouver, Canada
2020-01-23 12:49

Mastercard on Thursday unveiled a new cyber center in Vancouver, Canada, located at the refurbished Old Stock Exchange Building, where Mastercard subsidiary NuData is also stationed. The center will bring a boost to technology employment, particularly in Vancouver, with just short of 400 new jobs.

Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks
2020-01-23 12:14

Some of Honeywell's MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered. Researcher Joachim Kerschbaumer told SecurityWeek that he reported his findings to Honeywell in September 2019 and the vendor released patches after roughly 2 months, which he says is a fast response time compared to other physical security systems manufacturers he has contacted to report flaws.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
2020-01-23 12:10

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

Emotet Malware Alert Sounded by US Cybersecurity Agency
2020-01-23 12:04

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday warned that it's seen a surge in targeted attacks using a sophisticated strain of malware called Emotet. "The Cybersecurity and Infrastructure Security Agency is aware of a recent increase in targeted Emotet malware attacks," its Emotet alert reads.