Round Up of Major Breaches and Scams
The volume of distributed denial of service (DDoS) attacks in the second quarter of 2020 increased three-fold from the same period last year, according to new data from Kaspersky. The Russian cybersecurity vendor claimed in its Kaspersky Q2 2020 DDoS attacks report that it detected and blocked 217% more DDoS attempts than in Q2 2019. This appears to run counter to usual seasonal trends, which see DDoS attacks peak at the start of the year and then decline through late spring and summer, it said.
In a shock ruling today, the UK Court of Appeal has declared that South Wales Police broke the law with an indiscriminate deployment of automated facial-recognition technology in Cardiff city centre. “The Respondent’s use of Live Automated Facial Recognition technology on 21 December 2017 and 27 March 2018 and on an ongoing basis… was not in accordance with the law,” ruled Sir Terence Etherton, president of the Court of Appeal, along with senior judges Dame Victoria Sharp and Lord Justice Singh.
The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that’s used by “more than 500 mobile applications.” Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients.
US consumer rights experts are warning of a new wave of fraudulent services claiming to help individuals and businesses get free money from government COVID-19 aid programs. The Better Business Bureau (BBB) claimed that victims can be snared via dishonest social media ads, search results and even recommendations from unwitting friends and family. If they click through to the scam site, fake ‘consultants’ will promise to secure government aid money where in the past an application may have been denied — for example from the US Small Business Association.
On 3 July 2020, the German parliament passed a draft bill for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently going through the legislative procedure and is expected to enter into force in autumn 2020. One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing the use of innovative digital applications, while protecting sensitive health data.
Round Up of Major Vulnerabilities and Patches
TeamViewer has recently addressed a high-risk vulnerability (CVE-2020-13699) that could be exploited by remote attackers to steal the system password and potentially compromise the system. TeamViewer is a popular software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. The vulnerability, classified as an “Unquoted URI handler”, could be triggered by tricking victims into visiting a malicious web site.
Video conferencing services have attracted the attention of hackers because of the huge popularity they gained during the coronavirus pandemic. On Thursday, attackers disrupted a court hearing in the case of a Florida teenager accused of organizing the hijacking of a number of Twitter accounts. The hearing was held via the Zoom video conference service. The attackers disguised their names as CNN and the BBC and gained access to the conference, after which they began broadcasting pornographic videos and swearing. After that, the court session was postponed.
Parallels Desktop 16 launched on the Mac today. It’s the latest major release of the software used by developers and others to run Windows, Linux, and macOS applications and virtual machines under macOS. Its most notable offering is full support for macOS Big Sur. According to the Parallels representatives Ars spoke with, Big Sur support was no small task: Big Sur ended support for the third-party kernel extensions that Parallels built on. That meant an enormous amount of work was required to play nice with Big Sur—25 human-years of engineering work, they claimed.