Security News > 2020

Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes
2020-01-09 13:56

Nearly a month has passed since Citrix released mitigation measures for CVE-2019-19781, a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway, which could lead to remote code execution. Citrix Gateway is a secure remote access network gateway solution that is offered as a cloud service or an on-premises solution.

Rockwell Automation to Acquire Cybersecurity Firm Avnet
2020-01-09 13:46

Rockwell Automation on Wednesday announced that it has entered an agreement to acquire Israel-based cybersecurity solutions provider Avnet Data Security in an effort to expand its cybersecurity expertise. Founded in 1995, Avnet provides a wide range of services and solutions for IT and OT environments, including penetration testing, assessments, training, and network and security products.

TikTok App Had Major Security Vulnerabilities
2020-01-09 13:33

The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. Check Point says it reported the issues to TikTok on Nov. 20 and TikTok fixed them by Dec. 15.

Fingerprint Cards adds two capacitive touch sensors to its fingerprint authentication portfolio
2020-01-09 12:36

In order to meet the unique needs of the diverse and growing market for biometric access control, world-leading biometrics company Fingerprint Cards AB announces the expansion of its fingerprint authentication touch sensor portfolio, for physical and logical access devices and applications. Two additional capacitive touch sensors are now available in the access series, FPC1020 and FPC1024, featuring high biometric performance and a small physical footprint.

S2 Ep22: Word doc stops fraud, bye bye Python 2, latest from the ransomware swamp – Naked Security Podcast
2020-01-09 12:25

This week we discuss the IT exec who scammed his employer out of $6m with fake invoices and the death of Python 2. Peter also shares two of his latest investigations from the ransomware swamp.

Apple’s scanning iCloud photos for child abuse images
2020-01-09 12:22

Apple has confirmed that it's automatically scanning images backed up to iCloud to ferret out child abuse images. Horvath didn't elaborate on the specific technology Apple is using, but whether the company is using its own tools or one such as Microsoft's PhotoDNA, it's certainly not alone in using automatic scanning to find illegal images.

Google voice Assistant gets new privacy ‘undo’ commands
2020-01-09 12:02

Google's controversial voice Assistant is getting a series of new commands designed to work like privacy-centric 'undo' buttons. Google hopes its new commands will counter that impression by offering some control over what Assistant pays attention to.

FBI asks Apple to help it unlock iPhones of naval base shooter
2020-01-09 11:41

The FBI has asked Apple to help it unlock two iPhones that belonged to the murderer Mohammed Saeed Alshamrani, who shot and killed three young US Navy students in a shooting spree at a Florida naval base last month. Yes, the FBI has tried the tactics it used when it was trying to unlock the iPhone of San Bernardino terrorist Syed Farook.

Mozilla patches actively exploited Firefox zero-day
2020-01-09 11:34

Mozilla has patched a Firefox zero-day vulnerability that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. A day after Mozilla released Firefox 72 - which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues - the corporation pushed out Firefox 72.0.1 with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time compiler for Mozilla's JavaScript engine.

Google’s Project Zero highlights patch quality with policy tweak
2020-01-09 11:26

Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches. The vendor then has 90 days to fix the bug before Project Zero lifts the veil.