Security News > 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked using a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have reportedly found. Hackers stole sensitive information from Bezos' phone "Within hours" of the hack, according to a digital forensic analysis of Bezos' phone conducted by FTI Consulting, a Washington-based business advisory group.

UPDATE. Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. "Tech support scams entail a scammer contacting users and pretending to be a Microsoft support representative. These types of scams are quite prevalent, and even when scammers don't have any personal information about their targets, they often impersonate Microsoft staff. Microsoft Windows is, after all, the most popular operating system in the world."

For the first time ever, the top five most likely global risks enumerated in the annual Global Risks Report from the World Economic Forum are all environmental: extreme weather, climate action failure, natural disasters, biodiversity loss, and human made environmental disasters. The same background is threatening the global economic outlook.

They're calling on Johnson to allow them to use Huawei gear for antennas and non-core parts of their 5G mobile phone networks, the Guardian reports, noting that they could send the letter as early as this week. A secret technical assessment prepared last year by Britain's National Cyber Security Center, which is part of GCHQ and runs a center that tests Huawei equipment, reportedly concluded that the risks of using Huawei as part of the national 5G rollout, especially for non-core parts of the network, can be minimized if the process is appropriately managed.

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.

Proton Technologies, the company best known for its privacy-focused email service ProtonMail, this week announced that the source code for all of its ProtonVPN virtual private network applications has been made public after each app underwent independent security audits. The source code for the Android, iOS, macOS and Windows versions of ProtonVPN are now available on GitHub, and the company has also published the results of security audits conducted by SEC Consult.

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. "The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.

Two years ago, Apple abandoned its plan to encrypt iPhone backups in the iCloud in such a way that makes it impossible for it to decrypt the contents, a Reuters report claimed on Tuesday. Based on information received by multiple unnamed FBI and Apple sources, the report says that the decision was made after Apple shared its plan for end-to-end encrypted iCloud backups with the FBI and the FBI objected to it.

Nearly 250 million Microsoft Customer Service and Support records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports. While most of the personal information in those records was redacted, many records contained plain text data.