Security News > 2020

Microsoft Deprecates Remote Desktop Connection Manager
2020-03-13 15:37

Microsoft announced this week that it has deprecated Remote Desktop Connection Manager due to security concerns. The application has been around for decades, providing users with the ability to manage multiple remote desktop connections, but Microsoft has long been investing in other solutions to provide users with remote desktop access.

Critical Flaw in VMware Workstation, Fusion Allows Code Execution on Host From Guest
2020-03-13 15:21

VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. "Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine," VMware said in an advisory.

ACLU Sues Over U.S. Airport Facial-Recognition Technology
2020-03-13 15:19

The American Civil Liberties Union has filed suit against the Department of Homeland Security over its use of facial recognition technology in airports, decrying the government's "extraordinarily dangerous path" to normalize facial surveillance as well as its secrecy in making specific details of the plan public. "Our lawsuit seeks to make public the government's contracts with airlines, airports, and other entities pertaining to the use of face recognition at the airport and the border; policies and procedures concerning the acquisition, processing, and retention of our biometric information; and analyses of the effectiveness of facial recognition technology," Ashley Gorski, a state attorney for the ACLU, wrote in a blog post about the lawsuit published online Thursday.

China-linked APT Hackers Launch Coronavirus-Themed Attacks
2020-03-13 14:34

Even a long-standing China-based APT has begun to use the coronavirus threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.

U.S. Senators Seek to Ban TikTok on Government Devices
2020-03-13 14:13

Sen. Josh Hawley and Sen. Rick Scott this week introduced a bill aimed at banning the use of the China-made TikTok application on government devices. Referred to as the "No TikTok on Government Devices Act," the new legislation would prevent government employees, diplomats, and politicians from downloading or using TikTok or other applications from the same developer on their government-issued phones.

Trump Signs Bill to Help Telecoms Replace Huawei Equipment
2020-03-13 13:54

President Donald Trump on Thursday signed into law a bill that provides $1 billion to help small telecom providers replace equipment made by China's Huawei and ZTE. The U.S. government considers the Chinese companies a security risk and has pushed its allies not to use Huawei equipment in next-generation cellular networks, known as 5G. Both companies have denied that China uses their products for spying. The Federal Communications Commission has already voted to bar U.S. phone companies from using government subsidies for equipment from the two Chinese companies.

House Strikes Deal to Extend Surveillance Powers
2020-03-13 13:38

House lawmakers prepared to extend surveillance authorities that expire this month, releasing legislation that represents a rare bipartisan agreement after members of both parties said they wanted to ensure the tools preserved civil liberties. House Democrats posted the text of a bill online, readying the legislation for a floor vote Wednesday before lawmakers leave Washington at the end of the week.

EARN IT Act threatens end-to-end encryption
2020-03-13 13:12

For years, Naked Security and Sophos have said #nobackdoors, agreeing with the Information Technology Industry Council that "weakening security with the aim of advancing security simply does not make sense." EARN IT is a bipartisan effort, having been introduced by Republican Lindsey Graham, Democrat Richard Blumenthal and other legislators who've used the specter of online child exploitation to argue for the weakening of encryption.

'Cookiethief' Android Malware Hijacks Facebook Accounts
2020-03-13 12:50

A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app. While it's uncertain how the Trojan infects devices - it does not exploit flaws in the Facebook application or the browser - it achieves root by connecting with another backdoor installed on the smartphone, and passes it a shell command.

Currency Data Provider 'Open Exchange Rates' Discloses Breach
2020-03-13 12:16

Currency data provider Open Exchange Rates has started informing customers that their information was likely stolen by hackers. Open Exchange Rates provides a currency data API that is used by over 80,000 web developers.