Security News > 2020

An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said. Officials at the Albany County Airport Authority announced Thursday that the attack came to light after Schenectady-based LogicalNet reported its own management services network had been breached.

The new features come from a partnership with security firm Avira, but they won't be free: They're part of a new package called HomeCare Pro. At CES 2020, router manufacturer TP-Link announced new security features for its Wi-Fi 6 routers.

Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing, to enhance audio, video and content.

Government-funded, low-cost cell phones are shipping with pre-installed malware aimed at bombing users with unwanted ads, according to researchers. The UMX U686CL Android-based phone, which is made available to low-income citizens in the U.S. via the Lifeline Assistance Program for $35, uses a "Settings" app that researcher claim is actually a "Trojan dropper." According to Nathan Collier, a researcher at Malwarebytes, its function is to fetch and install other applications or malware.

Six months after Facebook agreed to a landmark privacy settlement with the U.S. Federal Trade Commission that included a record $5 billion fine, a federal judge is still considering objections from advocacy groups that claim the deal doesn't go far enough. Judge Timothy J. Kelly has given Facebook and the FTC until Jan. 24 to respond to objections raised by several privacy and consumer advocacy groups, including the Electronic Privacy Information Center, which raised concerns about whether the settlement does enough to protect users' data and address privacy concerns, according to court documents filed in the case.

In some years, the answer comes out exactly one year off for just a few days at the start or the end of the calendar year. The bug in the Java case is that Java's shorthand to denote the current year in four digits is yyyy, and not YYYY - it really matters whether you use capital letters or not.

A bill introduced this week by Senator Tom Cotton would ban the sharing of intelligence with countries that use Huawei technologies in their fifth generation networks. The United States has long expressed concerns that Huawei equipment may contain backdoors that would allow for the Chinese government to conduct espionage operations, and some European countries are sharing the same concerns.

An out-of-bounds write bug in the E2fsprogs filesystem utility could lead to remote code execution, Cisco Talos security researchers reveal. The hash entries for the hash tree are contained within hash entry struct, while the number of hash entries is contained within num array.

Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. That requires devising public key cryptosystems based on computational problems that are difficult to break even using quantum algorithms, says Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies.

Hackers may be able to remotely take complete control of cable modems from various manufacturers due to a critical vulnerability affecting a middleware component shipped with some Broadcom chips. They've reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability.