Security News > 2020
The American Civil Liberties Union is suing the Department of Homeland Security over its failure to cough up details about its use of facial recognition at airports. The ACLU says that the lawsuit challenges the secrecy that shrouds federal law enforcement's use of face recognition surveillance technology.
Researchers who uncovered a data exposure from mobile app Whisper earlier this week have released more details about the incident. Whisper is an app from MediaLab, a mobile app company that owns a host of other apps including the popular messaging service Kik.
The reason for this is, whilst it's easy enough to design a keyboard and display system on a "Secure token" that you can use as easily as a smallish mobile phone, the real usability problem is getting the various plain/cipher texts in and out of the device into the communications channel end point device without compromising the "Secure token" by extending the communications channel into it via a side channel of some form. Then there are a whole load of other hardware level Shannon Channels for "Signaling" including in some cases "Break" on the basic Tx-Rx channels.
The number of disclosed open source software vulnerabilities in 2019 reached over 6,000, up from just over 4,000 in 2018, a new WhiteSource report says. "This can be attributed to the rise in awareness to open source security following the widespread adoption of open source components and the massive growth of the open source community over the past few years, along with the media attention directed at recent data breaches," the company noted.
The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don't find what you're not looking for. "The problem with open source vulnerabilities is that, like everything in the open source community, once something is reported all the information is public and every beginner hacker can learn the vulnerability and its exploitation and then execute it on a large number of applications."
While over half of organizations use artificial intelligence or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI, according to WhiteHat Security. The survey responses of 102 industry professionals at RSA Conference 2020 reflect the need for security organizations to incorporate both AI- and human-centric offerings, especially in the application security space.
Despite a previous warning by Ben-Gurion University of the Negev researchers, who exposed vulnerabilities in 911 systems due to DDoS attacks, the next generation of 911 systems that now accommodate text, images and video still have the same or more severe issues. In the study the researchers evaluated the impact of DDoS attacks on the current and next generation 911 infrastructures in North Carolina.
That's the finding from a survey from Axonius, which reveals how trends including the ever-increasing number of end-user devices, rapid cloud adoption, and the looming IoT explosion are leading to increased complexity and risk and decreased visibility. Pressure on IT and security teams to deal with major security gaps.
Most computer systems are still very easy to hack, due to a vulnerability in memory chips produced by Samsung, Micron and Hynix, according to a study by researchers from VUSec of the Vrije Universiteit Amsterdam. The vulnerability in question is called Rowhammer, a design flaw in the internal memory chips of a device that creates the vulnerability.
In addition to analyzing how organizations are saving money and growing revenue with data, the study assessed respondents' different stages of data maturity based on criteria such as the prevalence of modern analytics tools and skill sets and the effectiveness of the organization at operationalizing its data. Stage 1: Data Deliberator - Organizations that are in the early phase of their data strategy implementation.