Security News > 2020
Apple ditched plans to fully encrypt its iCloud backups two years ago after being pressured by the FBI, it is claimed. Under this plan, Apple would no longer have the key to unlock encrypted data, meaning it would no longer be able to provide decrypted backups of its users to the authorities, even under court order.
Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison and a $10,000 fine. Maryland would reportedly be the third state to criminalize possession of ransomware.
An analysis of industrial control systems has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. The company's researchers discovered that many of the industrial control systems used by these organizations are affected by design flaws and weaknesses that could be leveraged by malicious actors for a wide range of purposes, including to cause disruption and physical damage.
Brazilian prosecutors on Tuesday accused U.S. journalist Glenn Greenwald of involvement in hacking the phones of officials involved in a corruption investigation, but said court rulings protecting free speech prevent them from bringing charges. Greenwald's The Intercept Brasil published excerpts from conversations involving Justice Minister Sérgio Moro, saying they showed the then-judge was improperly coordinating with prosecutors at the time he was a judge overseeing a vast corruption investigation.
Developer-focused cybersecurity solutions provider Snyk today announced a $150 million funding round, at a valuation of more than $1 billion, earning the company "Unicorn" status. Snyk, which helps software developers discover and patch vulnerabilities in open source libraries and containers, has raised $250 million to date, including a $70 million investment round in September 2019.
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.
FireEye on Tuesday announced that it has acquired Cloudvisory, a Dallas, Texas-based provider of tools for cloud visibility, security, and policy management. Founded in 2013, Cloudvisory's platform provides continuous visibility, compliance, and security policy governance solutions for cloud, hybrid cloud, and multi-cloud environments.
One of the most advanced phishing kits, known as 16Shop and probably developed by a group known as the Indonesian Cyber Army, has expanded its phish targets from Apple account holders and Amazon to now include PayPal. "In early January 2020," they say, "ZeroFOX Alpha Team obtained a phishing kit from 16Shop that now targets PayPal customers, indicating they are actively adding brands to their phishing kit portfolio."
Citrix has quickened its rollout of patches for a critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts. While Citrix originally said some versions would get a patch Jan. 31, it has now also shortened that timeframe, saying fixes are forthcoming on Jan. 24.
Alphabet and Google CEO Sundar Pichai this week threw his support behind a European Union proposal for a temporary ban on the use of facial recognition technology in public areas while regulators assess the risks associated with the technology. On Friday, Reuters reported that the European Union is considering a five-year ban on the use of facial recognition technology in public areas in order to work out ways to prevent abuses and protect user privacy for citizens who have not given consent.