Security News > 2020

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key.

The Beyond Identity solution is designed to eliminate the need for any password in the authentication process. The biometric access ties the phone to its user, and the Beyond Identity certificate authenticates the device/user to the service provider, whether that's a bank or a corporate network.

A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.

Hoping to actually make the long foretold end of passwords happen, a startup called Beyond Identity believes it can hasten the demise of the memory-taxing access ritual by embedding a personal certificate authority into mobile devices. Beyond Identity proposes an app for Apple, Windows, Android and cloud services to handle authentication in a way that doesn't require tapping in a memorized secret.

Home office networks are 3.5 times more likely than corporate networks to be infected by malware, according a report from BitSight. Trickbot malware was observed at least 3.75 times more frequently on home office networks than corporate networks.

VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication. vCenter Server is server management software for controlling VMware vSphere environments.

The question now becomes, is backup alone enough, or is full disaster recovery required to mitigate the effect of ransomware? By 'disaster recovery', we mean the full gamut of backing up data, recovering that data, and business restitution without loss of business continuity. A good backup system will allow rapid if not immediate recovery minimizing the loss of data to an annoyance rather than a disaster.

Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos". We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.

When is ICANN going to do something about the explosion of scammy domains spawned by the COVID-19 pandemic? We can't, the overseers of the internet said last Tuesday, throwing its hands in the air and telling domain registrars that they can - and should.

Video game peripherals maker SCUF Gaming recently exposed to the web a database containing information on more than 1.1 million users. According to SCUF Gaming, the incident affected a single system, which was being operated off-site due to the current COVID-19 crisis.