Security News > 2020

Chrome Extension Stealing Cryptocurrency Keys and Passwords
2020-01-03 12:09

According to Denley, the extension is dangerous to users in two ways. First, any funds managed directly inside the extension are at risk.

This page is currency unavailable... Travelex scrubs UK homepage, kills services, knackers other sites amid 'software virus' infection
2020-01-03 05:53

Foreign currency mega-exchange Travelex said on Thursday it was forced offline by a "software virus" infection, bringing down a number of currency-exchange websites with it. The outage at Travelex has had a knock-on effect in that it knackered currency-swap services for a number of UK banks and organizations relying on the exchange.

Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others
2020-01-03 02:58

In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi were found mistakenly sharing surveillance footage of Xiaomi users with other random users without any permission. The issue appears to affect Xiaomi IP cameras only when streamed through a connected Google Nest Hub, and came to light when a Reddit user claimed that his Google Nest Hub was apparently pulling random feeds from other users instead of his own Xiaomi Mijia cameras.

And we now go live to Apple v Corellium, where the iTitan is still lobbing copyright fireballs at the virtual iPhone upstart
2020-01-03 01:02

The case - essentially a US copyright infringement claim - centers on Apple's allegations that Corellium illegally copied the mobile operating system, and unlawfully made derivative versions by modifying the software to run on Corellium's iPhone hypervisor. While Corellium argued that Apple is trying to crack down on who can rifle through iOS for bugs and exploitable flaws, and snuff out jailbreaking efforts, the iGiant's latest paperwork homes in on its central allegations that Corellium is trying to make a fast buck by ripping off iOS and its bundled apps and user interface - technology that Apple has not licensed to Corellium.

Data Breach Affects 63 Landry’s Restaurants
2020-01-02 20:55

Dining giant Landry's disclosed a data breach on Thursday, warning that malware had infected its order-entry systems to steal customers' payment card information. Landry's, which owns over 600 popular American restaurants across 35 states, such as Del Frisco's Grill, McCormick & Schmick's, Rainforest Café and more, said that 63 of these restaurants were impacted by malware that targeted customers' payment card data.

Ambulance Company Slapped With HIPAA Fine
2020-01-02 20:18

Federal regulators have smacked a Georgia-based ambulance company with a $65,000 financial settlement and corrective action plan in a case involving "longstanding" HIPAA compliance issues. OCR says its investigation "uncovered longstanding noncompliance" with the HIPAA rules, including failures to conduct a risk analysis, provide a security awareness and training program and implement HIPAA Security Rule policies and procedures.

Alert overload is burning out security analysts
2020-01-02 20:02

Alert overload is changing the work focus in security operations centers and increasing the risk of burnout among analysts, according to a survey by CriticalStart. Analyzing and remediating security threats: 41%. Reducing the time it takes to investigate a security alert: 25%. Investigating as many alerts as possible: 18%. Limiting the number of alerts sent to clients for review: 13%. That last responsibility, limiting contact with clients, seems to be the default approach for 57% of the respondents.

Cisco DCNM Users Warned of Serious Vulnerabilities
2020-01-02 20:01

Cisco on Thursday informed customers that it has released software updates for its Data Center Network Manager product to address several critical and high-severity vulnerabilities. All of the serious vulnerabilities patched in DCNM were reported to Cisco by researcher Steven Seeley of Source Incite.

Critical Vulnerabilities Impact Ruckus Wi-Fi Routers
2020-01-02 19:41

Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress in Leipzig, Germany, held from December 27-30, 2019. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."

How to install and use git-secret
2020-01-02 19:18

Learn how to gain more security in your git repository with the help of the git-secret tool. If you use Git for much of your development needs, you should know there's a dirty little secret to be found.