
Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
2020-01-23 11:54

Technology Apple designed for its Safari web browser to protect users from being tracked when they surf the web may actually do just the opposite, according to new research from Google. Google researchers have identified a number of security flaws in Safari's Intelligent Tracking Protection that allow people's browsing behavior to be tracked by third parties, according to a report published in the Financial Times Wednesday.

It’s time to patch your Cisco security solutions again
2020-01-23 11:48

Cisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions. Among the security holes plugged is CVE-2019-16028, a critical authentication bypass vulnerability affecting the Cisco Firepower Management Center - a device that provides visibility into an organization's network and allows admins to centrally manage critical Cisco network security solutions.

UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone
2020-01-23 11:38

A forensic examination of Amazon CEO Jeff Bezos's mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware - likely NSO Group's notorious Pegasus mobile spyware - that came from Saudi Arabia's Crown Prince Mohammed bin Salman's personal WhatsApp account. The UN's report said that full details from the digital forensic exam of Bezos's phone were made available to its special rapporteurs.

Apple allegedly made nice with FBI by dropping iCloud encryption plan
2020-01-23 11:05

In spite of Apple having turned over the shooter's iCloud backups in the case of the Pensacola, Florida mass shooting last month, the US government has been raking it over the coals for supposedly not helping law enforcement in investigations. Specifically, according to six sources - Reuters relied on the input of one current and three former FBI officials and one current and one former Apple employee - a few years ago, Apple, under pressure from the FBI, backed off of plans to let iPhone users have end-to-end encryption on their iCloud backups.

Sonos’s tone-deaf legacy product policy angers customers
2020-01-23 10:51

Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up. Sonos points out that it supports software updates on products for at least five years after it stops selling them.

FBI issues warning about lucrative fake job scams
2020-01-23 10:30

What's the difference between a real job and the horde of fake ones found on the internet? It's even more basic than the fact that one is fake - fake jobs are suspiciously easy to get interviews for.

Cybercriminals using fake job listings to steal money, info from applicants
2020-01-23 10:24

Be extra careful when looking for a job online, the Internet Crime Complaint Center warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. "While hiring scams have been around for many years, cyber criminals' emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels," they noted.

Microsoft Error Exposed 250 Million Elasticsearch Records
2020-01-23 10:03

Microsoft accidentally exposed 250 million customer support records to the internet for three weeks; the records were stored in five misconfigured Elasticsearch databases. Microsoft says the investigation had not uncovered signs of malicious use, and it noted that most of the personal data that had been exposed was redacted.

US Presses France for 'Strong Security Measures' Against Huawei
2020-01-23 10:00

The United States pressed France on Wednesday to take "strong security measures" against potential breaches from 5G services provided by Chinese telecommunications firm Huawei, saying failure to do so could imperil intelligence exchanges. The United States did not ask France for a Huawei ban, he said, but for strong protections against potential "malicious intrusions" from software and firmware updates of any systems provided by the company.

Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned
2020-01-23 07:04

Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday. The tool can be run on any Citrix instance to check for signs of an intrusion.