Security News > 2020
Following reports about text transcriptions of live Skype calls being vetted by humans, meaning that sensitive conversations could have been bugged, Microsoft says it's moved its human grading of Cortana and Skype recordings into "Secure facilities", none of which are in China. On Friday, The Guardian published a report after talking to a former Microsoft contractor who lived in Beijing and transcribed thousands of audio recordings from Skype and the company's Cortana voice assistant - all with little cybersecurity protection, either from hackers or from potential interception by the government.
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017.
API abuse is an ongoing problem and is expected to escalate in the coming years, as the number of API implementations continues to grow. The OWASP API Security Project aims to provide software developers and code auditors with information about the risks brought on by insecure APIs.
The logs record when someone uses the Peekaboo app and the specific action they took at a certain point in time, such as uploading data or content. Exposed data includes email addresses, detailed device data and often, links to photos and videos, all of which get stored on servers hosted by Singapore-based Alibaba Cloud.
Organizations still running Windows 7 are now officially living on borrowed time. SEE: What to do if you're still running Windows 7.
While plenty of attacks will continue to hit traditional targets such operating systems and humans, 2020 will see many attackers taking aim at non-traditional systems. Containers, connected devices and the communications between the two technologies will be a primary focus of both security researchers and attackers.
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
A mobile device management solution provides similar features that you would expect a systems management solution would use to manage PCs. However, mobile devices are not network-connected in the same manner as PCs, so a solution for mobile device management must rethink communications. The basic components of a mobile device management solution would consist of a server and an agent which would communicate with each other in order to complete commands and tasks.
Kount released a new research report on digital innovation and emerging fraud, which found that the most innovative businesses are also the ones facing the greatest fraud threats. The report, conducted by Javelin Research, surveyed hundreds of respondents across the retail, restaurant, insurance, and financial industries and revealed more than 40% of businesses say fraud impedes their expansion into new digital channels and services.
Russian spies hacked a Ukrainian energy company at the center of the impeachment trial of US President Donald Trump, a cybersecurity firm said Monday. The GRU figured heavily in the Mueller report on Russian interference in the 2016 presidential campaign, which concluded that Russia hacked the Democratic Party and Hillary Clinton's campaign to help Trump.