Security News > 2020

The Changing Face of Cloud Threat Intelligence
2020-01-14 18:03

As public cloud providers continue to elevate their platforms' default enterprise protection and compliance capabilities to close gaps in their portfolio or suites of in-house integrated security products, CISOs are increasingly looking to the use and integration of threat intelligence as the next differentiator within cloud security platforms. Whether thinking in terms of proactive or retroactive security, the incorporation of timely and trusted threat intelligence has been a core tenet of information security strategy for multiple decades - and is finally undergoing its own transformation for the cloud.

Go Huawei: UK PM Challenges US Critics of China Firm
2020-01-14 17:46

Prime Minister Boris Johnson on Tuesday challenged US opponents of Britain's potential decision to let China's Huawei telecoms giant develop its 5G network to come up with a better choice. The United States and Australia have both banned their 5G providers from using Huawei on security grounds.

Tinder, Grindr Accused of Illegally Sharing User Data
2020-01-14 17:39

Popular dating apps like Tinder and Grindr are sharing the personal data of their users with third parties in breach of EU regulations, a Norwegian consumer rights group said Tuesday. According to the government-funded non-profit organisation, the sharing of this data implicitly discloses users' sexual orientations.

Public Bug Bounty Takes Aim at Kubernetes Container Project
2020-01-14 17:00

A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation. The program's scope covers code from the main Kubernetes organizations on GitHub, as well as "Continuous integration, release and documentation artifacts," according to a Kubernetes security team post on Tuesday.

US hands UK 'dossier' on Huawei: Really! Still using their kit? That's just... one... step... beyond
2020-01-14 16:42

Those known risks are twofold: Huawei's coding practices are pisspoor, as Britain's Huawei Cyber Security Evaluation Centre found last year; and there is the ever-present fear that Huawei, or people within Huawei, could be forced to abuse their product knowledge to serve the Chinese regime, perhaps through espionage conducted on UK comms networks or helping with denial-of-service attacks. Although the US have been claiming for years that Huawei poses a threat to communication security, given the well-documented activities of American spy agencies over the last couple of decades this seems like a hollow concern.

Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks
2020-01-14 16:34

Weak security measures in place at several major wireless carriers in the United States make it easy for attackers to perform SIM swap attacks on prepaid mobile accounts, a recent study found. In a SIM swapping attack, social engineering is used to convince a wireless services provider to hand over control of the victim's phone number by modifying the SIM card attached to the phone and mobile account.

Windows 7 computers will no longer be patched after today
2020-01-14 15:58

Simply put, we took the next 10 Windows malware samples that showed up for analysis at SophosLabs, checked that they ran on the previous versions of Windows and then threw them at the all-new Windows 7. The problem is that "new" malware samples, together with new vulnerabilities and exploits, are likely to work on old Windows 7 systems in much the same way, back in 2009, that most "old" malware worked just fine on new Windows 7 systems.

Adobe Patches Vulnerabilities in Illustrator, Experience Manager
2020-01-14 15:47

Adobe's January 2020 Patch Tuesday updates address several vulnerabilities in the company's Illustrator and Experience Manager products. While the vulnerabilities have been assigned a severity rating of critical, their priority rating is 3, which means Adobe does not expect any of them to be exploited in attacks.

Fleeceware is back in Google Play – massive fees for not much at all
2020-01-14 15:45

The treachery lies in the payment model - the fleeceware we identified back in September 2019 didn't charge a fee for the app, but instead sold you a subscription to go along with the app. The app's free, don't forget; it's the subscription that you're being charged for, and Google permits app developers to ask that sort of money.

Adobe Patches Five Critical Illustrator CC Flaws
2020-01-14 15:42

Adobe has released patches for five critical vulnerabilities in Adobe Illustrator CC, its popular vector graphics editor tool, which if exploited could enable arbitrary code execution. Overall Adobe patched nine vulnerabilities as part of its regularly-scheduled updates on Tuesday, including five critical ones in Adobe Illustrator CC, and four "Important" and "Moderate" flaws in Adobe Experience Manager, its platform for integrated online marketing and web analytics.