Security News > 2020

At issue is a problem known as "Namespace collision," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory, which is the umbrella term for a broad range of identity-related services in Windows environments.

US and British cybersecurity agencies warned Wednesday that foreign government-backed hacking groups are using coronavirus themes to ply their way into computers and networks. Some use email and SMS subject lines like "2020 Coronavirus updates" or "Coronavirus outbreak in your city(Emergency)", while others might offer an attached file with purported updates on national policies to deal with the pandemic, said an alert jointly issued by the US Cybersecurity and Infrastructure Agency and Britain's national Cyber Security Center.

Sophos experts discuss the biggest cybersecurity stories of the last week.

Facebook on Tuesday released a new couples-only messaging app that gives you a place to get "As mushy, quirky, and silly" with your bae as you do in front of each other even when you're apart, keeping it to yourselves and thus avoiding setting off nausea in others. You can use the app - which Facebook has dubbed "Tuned" - to chat and to share your mood, photos, music, love notes and more, or to create a shared, daily "Diary of special moments."

Google has removed an Android VPN program from the Google Play store after researchers notified it of a critical vulnerability. VPNpro, a company that reviews and advises on VPN products, warned in February of a vulnerability in the product that could cause a man in the middle attack, enabling an intruder to insert themselves between the user and the VPN service.

Zoom Video Communications, the creators of the Zoom remote conferencing service, have benefited the most from this sudden surge of demand for video conferencing solutions. Not to be outshined, Google explained again on Tuesday that its Google Hangouts Meet video communication service is a secure option for enterprises.

Most of the low-severity bugs were insufficient policy enforcements too, complemented by several inappropriate implementations, uninitialized use in WebRTC, and use-after-free in V8. Google says it paid over $26,000 in bug bounty rewards to the reporting security researchers, but the company has yet to disclose the exact amount it awarded for all of the externally reported vulnerabilities. Mozilla, which revisited the previous decision to disable TLS 1.0 and 1.1 in its browser, this week pushed Firefox 75 to the stable channel, packing it with six security patches for the desktop, and two patches targeting vulnerabilities specific to the Android platform.

A case of alleged low-orbit internet banking fraud has taken another twist, with the US Attorney's Office for the Southern District of Texas filing an indictment in which it claimed the complainant in the case had lied. The case came to our attention in August 2019 when we chronicled how astronaut Lt Col Anne McClain denied a claim that she'd improperly accessed a bank account belonging to ex-wife Summer Worden while aboard the International Space Station.

Cloudflare on Wednesday said it is ditching Google's reCAPTCHA bot detector for a similar service called hCaptcha out of concerns about privacy and availability, but mostly cost. The biz held a bake-off to pick a new provider, and settled on hCaptcha, a service released last year as an alternative to reCAPTCHA. According to Prince and Isasi, hCaptcha doesn't sell personal data and made commitments to use info collected from Cloudflare only to improve the service.

As these industries evolve and become more digitized, attackers have the opportunity to access more data than ever before. Wipers continue to trend upward as adversaries begin to realize the futility of purely destructive attacks.