Security News > 2020

Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment
2020-01-13 21:21

Four Princeton University eggheads have published a report showing that the five major US mobile carriers implement weak authentication techniques, leaving customers vulnerable to SIM-swapping attacks that transfer victims' phone numbers to devices controlled by scammers. In a paper [PDF] titled, "An Empirical Study of Wireless Carrier Authentication for SIM Swaps," Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan looked at how AT&T, T-Mobile US, Tracfone, US Mobile, and Verizon Wireless handle requests to change the SIM card associated with mobile phone numbers.

Scammers Dupe Texas School District Out of $2.3M
2020-01-13 21:05

A Texas school district, based outside of Austin, Tex., has lost $2.3 million after falling victim to an email scam. The Manor Independent School District encompasses 8,000 students from elementary to high school.

Joker Android Malware Snowballs on Google Play
2020-01-13 21:04

Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware - and in an analysis of the code, said that Joker's operators have "at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." The internet giant said that having three or more active variants of Joker in circulation at the same time using different approaches or targeting different carriers is the norm; and at peak times of activity, up to 23 different apps from the Joker family have been submitted to Play in one day.

Why Penetration Tests Are So Essential
2020-01-13 20:33

Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. During the internal phase, our team's white hat attackers moved around laterally within the entire network via the external access provided by the JBoss issue.

Someone needs to go back to school: Texas district fleeced for $2.3m after staff fall for devious phishing email
2020-01-13 20:22

A miscreant managed to swipe $2.3m from a Texas school district after staff inadvertently wired large sums of public money to the crook's bank account. The school district did not say exactly how scumbags were able to extract so much money, though telly station CBS Austin reported the money was funneled out in three separate transactions in November.

December's Most Wanted Malware: Greta Thunberg-themed spam used to spread Emotet
2020-01-13 20:08

Check Point's December 2019 Index finds Emotet as lead malware for the third month in a row, spreading email spam, some of which alleged support of the teen activist. Emotet was the leading malware threat for the third month in a row, according to Check Point's December 2019 Global Threat Index.

CES Surveillance Hype Worries Privacy Advocates
2020-01-13 20:05

They believe CES, an annual lovefest for gadgets and innovation, should have focused less on hype and more on the security and privacy implications of new surveillance features unveiled at the show. Among a bevy of surveillance cameras in the CES spotlight was a mass-market Blurams smart doorbell that uses AI and facial recognition to send a text-based alert to homeowners about who is at the door - be it a recognizable face or a delivery person.

Class Action Breach Lawsuits: The Impact of Data for Sale
2020-01-13 19:33

After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C. Data offered for sale "actually shows that someone is attempting to monetize the victims' information," he says in an interview with Information Security Media Group. The clinic reported a health data breach in July 2016 to the Department of Health and Human Services as an "Unauthorized access/disclosure" incident involving its electronic health records and affecting 201,000 individuals.

CES 2020: Why HBO wants us to think twice about data privacy
2020-01-13 19:01

TechRepublic's Karen Roby talked to Steven Cardwell, vice president of program marketing at HBO, at CES 2020 about its Westworld display and the importance of data privacy. Just given the conversation happening right now at CES, predominantly around data privacy, we thought this was a really great way to integrate into the conversation to not only talk about data privacy, but actually make people experience what it feels like when a company such as Incite actually has the power perhaps for good or bad.

US, UK Officials Meet as PM Johnson's Huawei Decision Nears
2020-01-13 18:42

British and American officials are meeting as U.K. Prime Minister Boris Johnson's government prepares to decide on whether there's a future for Chinese equipment maker Huawei in the country's next-generation telecom networks, his spokesman said Monday. "We have strict controls for how Huawei equipment is currently deployed in the U.K. The government is undertaking a comprehensive review to ensure the security and resilience of 5G and fiber in the U.K."