Security News > 2020
Ian Russell backs the report's findings - particularly its calls for government and social media companies to do more to protect users from harmful content, not only by sharing content but also by funding research with a "turnover tax" that will also provide training for clinicians, teachers and others working with children, to help them identify children struggling with their mental health and to understand how social media might be affecting them. Scheduled to go into effect in April 2020, it will impose a 2% levy on the revenues of search engines, social media platforms and online marketplaces that "derive value from UK users." That 2% will be assessed on digital companies' global turnover.
A Stoke-on-Trent hospital administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images. As part of the police caution he agreed not to access any IT system within the hospital, not to enter the hospital unless he was ill or visiting a patient, and not to contact hospital staff unless asked to by the HR department.
Facebook and Instagram have just banned the service from their platforms. According to the BBC, Facebook is so hostile to the Spinner that it's even sent the company a formal cease and desist.
From nasty snakes to rickrolling the NSA, get up to date with everything we've written in the last seven days - it's weekly roundup time.
Could satellites play a role in distributing next-generation encryption keys? Robert Bedington, CTO and co-founder at Singapore-based SpeQtral, describes quantum communications via satellites in this in-depth interview with Information Security Media Group. Quantum communications protects key distribution channels against eavesdropping, he explains.
Some of the markets we are planning to expand into are rail transport and Building Automation Systems markets. Starting only one or two years ago, we saw the entire industry kind of look around and say "Safety is job one, and cybersecurity is essential to safety. Oh rats!" And we saw a lot of operators start looking seriously at cybersecurity.
Waterfall Security Solutions, the OT security company, announced a major expansion into new markets and industry verticals. In support of this expansion, Waterfall has secured a significant new funding round to enable aggressive growth.
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. As explained earlier on The Hacker News, the vulnerability, tracked as CVE-2019-19781, is a path traversal issue that could allow unauthenticated remote attackers to execute arbitrary code on several versions of Citrix ADC and Gateway products, as well as on the two older versions of Citrix SD-WAN WANOP. Rated critical with CVSS v3.1 base score 9.8, the issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, who responsibly reported it to Citrix in early December.
The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST's Cybersecurity Framework. The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act and the European Union's General Data Protection Regulation.
Microsoft announced on Friday that it's in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user.