
DDoS attacks triple in the second quarter of 2020, Anomaly Six collects and sells users' location data, and more

Major cybersecurity events on 11th August 2020 (Evening Post): UK Court of Appeal declares face recognition technology usage by Welsh police to be unlawful. German parliament prepares for patient data protection laws and more digitalisation in the German healthcare system.

Round Up of Major Breaches and Scams

DDoS Attacks Triple in Q2 to Target #COVID19 Home Workers

The volume of distributed denial of service (DDoS) attacks in the second quarter of 2020 increased three-fold from the same period last year, according to new data from Kaspersky. The Russian cybersecurity vendor claimed in its Kaspersky Q2 2020 DDoS attacks report that it detected and blocked 217% more DDoS attempts than in Q2 2019. This appears to run counter to usual seasonal trends, which see DDoS attacks peak at the start of the year and then decline through late spring and summer, it said.

Police face-recog tech use in Welsh capital of Cardiff was unlawful – Court of Appeal

In a shock ruling today, the UK Court of Appeal has declared that South Wales Police broke the law with an indiscriminate deployment of automated facial-recognition technology in Cardiff city centre. “The Respondent’s use of Live Automated Facial Recognition technology on 21 December 2017 and 27 March 2018 and on an ongoing basis… was not in accordance with the law,” ruled Sir Terence Etherton, president of the Court of Appeal, along with senior judges Dame Victoria Sharp and Lord Justice Singh.

Collecting and Selling Mobile Phone Location Data

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that’s used by “more than 500 mobile applications.” Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients.

Experts Warn of ‘Consultants’ Promising to Secure Fake COVID Aid

US consumer rights experts are warning of a new wave of fraudulent services claiming to help individuals and businesses get free money from government COVID-19 aid programs. The Better Business Bureau (BBB) claimed that victims can be snared via dishonest social media ads, search results and even recommendations from unwitting friends and family. If they click through to the scam site, fake ‘consultants’ will promise to secure government aid money where in the past an application may have been denied — for example from the US Small Business Association.

Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes

On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020. One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing use of innovative digital applications, while protecting sensitive health data.

Round Up of Major Vulnerabilities and Patches

TeamViewer flaw can allow hackers to steal System password

TeamViewer has recently addressed a high-risk vulnerability (CVE-2020-13699) that could be exploited by remote attackers to steal the system password and potentially compromise the system. TeamViewer is a popular software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. The vulnerability, classified as an “Unquoted URI handler”, could be triggered by tricking victims into visiting a malicious web site.

Security Experts gave tips on how to protect online conferences from hackers

Video conferencing services attracted the attention of hackers because they gained huge popularity during the coronavirus pandemic. On Thursday, attackers disrupted a court hearing in the case of a Florida teenager accused of organizing the hijacking of a number of Twitter accounts. The hearing was held via the Zoom video conference service. The attackers disguised their names as CNN and the BBC and gained access to the conference, after which they began broadcasting pornographic videos and swearing. After that, the court session was postponed.

Parallels Desktop 16 adds Big Sur support, 3D Metal support, and more

Parallels Desktop 16 launched on the Mac today. It’s the latest major release of the software used by developers and others to run Windows, Linux, and macOS applications and virtual machines under macOS. Its most notable offering is full support for macOS Big Sur. According to the Parallels representatives Ars spoke with, Big Sur support was no small task: Big Sur ended support for the third-party kernel extensions that Parallels built on. That meant an enormous amount of work was required to play nice with Big Sur—25 human-years of engineering work, they claimed.