Don't log in to company websites via emails or texts. If a company wants or needs you to log in to your account, you should already know how to access your account from the company's own site or app.
The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. Mainly targeting businesses via phishing emails, the cybercrime group appears to have changed tactics recently, and started sending malicious USB devices to victims via the United States Postal Service.
Kubernetes-specialist Zettaset has introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance. The fluid nature of cloud storage requires a software rather than hardware solution - and Zettaset has announced its software-defined XCrypt Kubernetes Encryption offering.
IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."
As more and more people remain at home and work from home due to the COVID-19 pandemic, most of them have been forced to use one or many video and audio conferencing applications out of necessity. One particular remote conferencing solution is quickly becoming the solution of choice for many users worldwide: Zoom.
Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.
The digital burglary at 118 118 Money exposed recordings of customer service calls that included a raft of personal information although thankfully not payment data. As revealed last week, the parent company of the personal loans and credit card provider - the sister business of the better-known UK directory enquiries service - pulled its website offline after spotting an unauthorised intruder.
The Utah Attorney General's Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs on Thursday. Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began as all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign.
Enough people must have griped about the loss of "Www" and "Https" in Chrome's address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to "Always Show Full URLs." On 17 March, Chromium developers outlined the plan for users to opt out of URL snippage in a post on the bug tracker titled "Implement Omnibox context menu option to always show full URLs".
This weekend, the Wall Street Journal reported that US government officials are using location data from millions of cellphones to understand citizens' movements and how they're affecting the spread of the disease. Other countries are taking a soft approach to using location data for the public good.