Iran May Respond With Cyberattacks to Killing of Qassem Soleimani
2020-01-03 20:38

Iran's response to the recent U.S. airstrike that killed Qassem Soleimani, a senior Iranian military commander, could include cyberattacks, and organizations should be prepared to prevent and respond to attacks, cybersecurity professionals have warned. Tensions between the United States and Iran escalated following Soleimani's death and Iran has vowed revenge.

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc
2020-01-03 20:10

The immediate priority should be cleaning up CVE-2019-15975, CVE-2019-15976, and CVE-2019-15975, a trio of authentication bypass bugs that can be exploited remotely without authentication. CVE-2019-15976 describes the same issue via the SOAP API, while CVE-2019-15977 describes static credentials that only allow access to "certain confidential information," but that information could be used for other attacks.

Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
2020-01-03 18:58

A ransomware attack reportedly caused an Arkansas-based telemarketing company to temporarily suspend its operations, leaving hundreds of employees unsure that they still had jobs days before Christmas. The Heritage Company, a 61-year-old telemarketing firm that works with nonprofit organizations, sent a letter to its more than 300 employees saying it has lost hundreds of thousands of dollars due to the attack.

3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
2020-01-03 18:33

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline
2020-01-03 18:22

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. Dobieski, however, believes that with the shift in liability for attacks on card data looming, gas stations will indeed spend the next 10 months either finally upgrading their fuel pumps to chip-and-PIN or finding a workaround, such as implementing tokenization or point-to-point encryption.

Cryptocurrency exchange Poloniex issues password reset warning
2020-01-03 17:54

When is a password breach not a password breach? When is a password warning a hoax? The "Poloniex emails and passwords" announced on Twitter seem to have been from a previous, unknown breach, and the crooks were simply chancing their arm by guessing that at least some of the account names and passwords might also work on the Poloniex site.

How Will Iran Retaliate to Soleimani Killing?
2020-01-03 17:49

Iran has vowed "severe revenge" against the United States for killing top commander Qasem Soleimani and will likely use its experience of asymmetric warfare to strike back at its arch foe. "We can't predict what direction Iran will choose to go in. But what we do know is that Iran acts in a calculated manner and takes very deliberate steps," said Ariane Tabatabai, associate political scientist at the Rand Corporation, a policy think tank in California.

Travelex Knocked Offline by System-Wide Malware Attack
2020-01-03 17:48

A "computer virus" has forced foreign currency exchange giant Travelex to shut down its online services and its app - leaving its retail locations to carry out tasks manually and many customers stranded without travel money. The latter said that its bureau-de-change services were offline until further notice because of the Travelex incident.

Cyberattack Forces Currency Exchange Giant Travelex Offline
2020-01-03 17:30

Foreign currency exchange Travelex has taken its UK website and services offline after malware was found on its systems on New Year's Eve. Founded by Lloyd Dorfman, Travelex is headquartered in London, and the company provides international payments, currency exchange services, and prepaid credit cards for travelers.

Cybersecurity Data Sharing: A Federal Progress Report
2020-01-03 17:18

Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well as with the private sector, according to an unclassified report recently sent to Congress. While the audit found that substantial progress has been made on sharing cybersecurity information and threat intelligence among agencies over the last two years, it pointed to several areas of ongoing concern, including the failure of certain Defense Department units to use appropriate policies and procedures for data sharing.