Security News > 2020

Pan-European group plans cross-border contact-tracing app – and promises GDPR compliance
2020-04-06 00:24

A European consortium based in Switzerland plans to this week launch an opt-in location-detecting app to expedite contact-tracing those who have encountered coronavirus carriers. The new group, named Pan-European Privacy-Preserving Proximity Tracing, promises a GDPR-compliant app that sounds a lot like Singapore's TraceTogether service, but also offers considerable detail on how the service is designed to preserve privacy.

Shubham “Sam” Maheshwari joins SiFive as Chief Financial Officer
2020-04-05 22:30

SiFive, the leading provider of commercial RISC-V processor IP and silicon solutions, announced that Shubham "Sam" Maheshwari has joined the company as Chief Financial Officer. Maheshwari will lead SiFive financial operations to enable sustainable company growth in support of industry needs and new market opportunities.

Firefox zero day in the wild: patch now (Tor Browser too!)
2020-04-05 19:21

Mozilla just pushed out an update for its Firefox browser to patch a security hole that was already being exploited in the wild. Given that the bug needed patching in both the latest and the ESR versions, we can assume either that the vulnerability has been in the Firefox codebase at least since version 68 first appeared, which was back in July 2019, or that it was introduced as a side effect of a security fix that came out after version 68.0 showed up. The ESR is popular with IT departments who want to avoid frequent feature updates that might require changes in company workflow, but don't want to lag behind on security patches.

Week in review: Zoom security, Marriott breach, MS SQL servers under attack
2020-04-05 07:55

Marriott International 2020 data breach: 5.2 million customers affected. Marriott International has suffered a new data breach in mid-January 2020, which affected approximately 5.2 million guests. Are your MS SQL servers part of a cryptomining botnet? Check now! For the last two years or so, attackers have been infecting and reinfecting poorly secured MS SQL servers, booting other criminals' malware from them and exploiting their compute power to mine Vollar and Monero cryptocurrency.

Firefox Zero-Day Flaws Exploited in the Wild Get Patched
2020-04-04 13:28

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. Both bugs have critical ratings and allow remote attackers to execute arbitrary code or trigger crashes on machines running versions of Firefox prior to 74.0.1 and its business-friendly Firefox Extended Support Release 68.6.1.

Watch: Rare Second World War footage of Bletchley Park-linked MI6 intelligence heroes emerges, shared online
2020-04-04 07:04

An astonishingly rare film documenting British intelligence personnel, linked to the code-breakers at Bletchley Park, has been released by the park's trust, offering a glimpse of unsung heroes who helped win the Second World War. The 11-minute silent film, a compilation of black-and-white and color clips from 1939 through 1945, depicts some of those who worked at Whaddon Hall, Buckinghamshire, England, for MI6's communications group, known then as Section VIII. The footage was handed to the trust in its original film canister by a donor who asked not to be identified.

Not only is Zoom's strong end-to-end encryption not actually end-to-end, its encryption isn't even that strong
2020-04-03 23:11

Zoom, in its documentation and in an in-app display message, has claimed its conferencing service is "End-to-end encrypted," meaning that an intermediary, including Zoom itself, cannot intercept and decrypt users' communications as they move between the sender and receiver. When reports emerged that Zoom Meetings are not actually end-to-end encrypted, Zoom responded that it wasn't using the commonly accepted definition of the term.

How to prevent Zoom bombing: 5 simple tips
2020-04-03 22:49

Video conferencing app Zoom has had a meteoric rise in users due to the coronavirus outbreak, and with that rise in users has come security woes and an annoying new trend known as "Zoom bombing." Zoom bombing is, in essence, crashing a digital meeting and doing things like screaming obscenities, broadcasting pornography, and otherwise interrupting people's attempts to talk to coworkers, family, and friends. Even with all of Zoom's security issues, it can't be blamed entirely for the Zoom bombing trend: internet trolls have been using publicly posted meeting links, guessing meeting IDs, and using personal meeting IDs posted online as ways to join meetings uninvited.

NSO Group: Facebook tried to license our spyware to snoop on its own addicts – the same spyware it's suing us over
2020-04-03 21:37

NSO Group - sued by Facebook for developing Pegasus spyware that targeted WhatsApp users - this week claimed Facebook tried to license the very same surveillance software to snoop on its own social-media addicts. The Israeli spyware maker's CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 he was approached by Facebook reps who wanted to use NSO's Pegasus technology in Facebook's controversial Onavo Protect app to track mobile users.

Friday Squid Blogging: On Squid Communication
2020-04-03 21:30

The issue with testing, which is a form of sampling, and the question of false positives and false negatives, and how they are seen as opposed to what they actually mean in any particular test situation. Importantly, contrary to claims you might hear, there is no 100% test when sampling is involved, none, and I do mean none.