Security News > 2020

In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus' spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and storage, user consent, and surveillance will be brushed under the rug. "While facial recognition technology provides a fast and zero-contact method for identifying individuals, the technology is not without risks. Primarily, individuals scanned by facial recognition services need to be aware of how their data is being used."

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks' Unit 42 global threat intelligence team.

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks' Unit 42 global threat intelligence team.

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.

It's a problem that many believe explains the abrupt decision by Google to delay the release of Chrome 81, the stable version of which was scheduled to start appearing on users' computers on 17 March. Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases.

Welcome to Hong Kong, traveler, and to the mandatory, Disney MagicBand-esque tracking wristband we're about to slap onto your potentially infectious arm. As the area undergoes a COVID-19 resurgence, mostly brought in by travelers coming from European, US and Asian countries, it's now enforcing the quarantine on all incoming travelers, with the wristbands helping to ensure that they adhere to movement restrictions.

Cisco has fixed five security vulnerabilities in its Software-Defined WAN Solution, two of which could allow an authenticated, local attacker to either gain root privileges on the underlying operating system or to inject arbitrary commands that are executed with root privileges. While there is no indication that these flaw are being actively exploited, no workarounds addressing the vulnerabilities exist so upgrading to the Cisco SD-WAN Solution software release 19.2.2.

Firefox has decided it's time to burn the browser's FTP connections. Platform list, developer Michal Novotny announced "We plan to remove FTP protocol implementation from our code."

Having a sizable amount of employees suddenly working remotely can be a major change for organizations and presents numerous problems with regard to cybersecurity. Remote working can effectively widen an organization's attack surface.