Google scolded for depriving the poor of privacy after Chinese malware bundled on phones for hard-up Americans
2020-01-09 21:51

On Wednesday, more than 50 advocacy groups accused Google of exploiting poor people by failing to police misbehaving Android apps on cheap phones. The advocacy groups, including the American Civil Liberties Union, Amnesty International, the Electronic Frontier Foundation, and Privacy International, to name a few, published an open letter to Google CEO Sundar Pichai asking him "to take action against exploitative pre-installed software on Android devices."

Patscan platform detects hidden weapons, chemicals and bombs
2020-01-09 21:27

At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?
2020-01-09 20:59

A database containing the personal details of 56.25m US residents - from names and home addresses to phone numbers and ages - has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough. He told us he found the 22GB database exposed on the internet, including metadata that links the collection to CheckPeople.com.

More Threat Groups Target Electric Utilities in North America
2020-01-09 20:11

An increasing number of threat groups have been spotted targeting electric utilities in North America, industrial cybersecurity firm Dragos reported on Thursday. "As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases," the firm said in its report, titled North American Electric Cyber Threat Perspective.

North Korean Hackers Continue to Target Cryptocurrency Exchanges
2020-01-09 19:50

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports. Kaspersky now says that following Operation AppleJeus, Lazarus continued to employ a similar modus operandi in attacks on cryptocurrency businesses, and that more macOS malware similar to that from the original Operation AppleJeus case was discovered.

Senators Prod FCC to Act on SIM Swapping
2020-01-09 19:44

Now, a cadre of lawmakers is demanding to know what the agency might be doing to track and combat SIM swapping. The lawmakers asked the FCC to divulge whether it tracks consumer complaints about fraudulent SIM swapping and number "port-outs," which involve moving the victim's phone number to another carrier.

Exploit Fully Breaks SHA-1, Lowers the Attack Bar
2020-01-09 19:04

A proof-of-concept attack has been pioneered that "fully and practically" breaks the Secure Hash Algorithm 1 code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. All of the major browsers and most applications don't recognize certificates signed with SHA-1 these days, few certificate authorities still support it, and NIST has deprecated it since 2011, but the latest PoC attack is nonetheless deeply concerning given that for all of that, it remains far from being fully deprecated.

Dixons fined £500,000 by ICO for crap security that exposed 5.6 million customers' payment cards
2020-01-09 18:15

Dixons Retail is facing a £500,000 penalty from the Information Commissioner's Office after a hacker installed malware that infected thousands of point of sale tills and scooped up 5.6 million payment card details. The ICO told us that in addition to the aforementioned personal financial data, Dixons had initially found that roughly 10 million non-financial records had also been pilfered from the retailer's internal servers and exfiltrated.

Threat From Pre-Installed Malware on Android Phones is Growing
2020-01-09 18:03

[Update] Pre-installed malware on Android phones is a growing menace - so much so that on Wednesday this week, Privacy International and around 50 other international NGOs sent an open letter to Google demanding a stop to the habit. The pre-installed malware comprises a Wireless Update app detected by Malwarebytes as Android/PUP.Riskware.

Congressmen Call for Enhanced Financial Sector Security
2020-01-09 17:33

Two Democratic Congressmen have sent letters to nine federal financial regulatory agencies asking that they take action to shore up cyber defenses in the sector because of looming security threats from Iran. On Wednesday, the FBI and Department of Homeland Security issued a security bulletin to local law enforcement warning of Iranian-sponsored cyberattacks, although no specific threats were disclosed, according to CNN. In their letter sent this week, Democratic representatives Emanuel Cleaver II, D-Mo., and Gregory Meeks, D-N.Y., who both sit on the House Financial Services Committee, wrote that there is an impending threat to the financial services infrastructure, not only in the U.S. but across the globe.