Security News > 2020 > March

If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers. DevSecOps incorporates discrete security elements and capabilities throughout the development process; "Security as code" is the hymn recited by development and security operations teams alike.

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Attackers also tweeted in an account using the name "DoppelPaymer" that more files were on the way, alerting researchers that attackers likely used the DoppelPaymer ransomware in the attack, according to reports.

Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website takeover campaign. The plugin is impacted by a vulnerability described as an "Unauthenticated stored XSS via plugin settings change."

This is in the Windows GPU Display Driver control panel for the GeForce, Quadro NVS, and Tesla products leading to a corrupt system file and escalation of privileges or denial of service. A second control panel flaw affecting the same products is CVE‑2020‑5958, which might allow the planting of a malicious DLL file with the same results as above along with information disclosure.

DoppelPaymer has set up a public website with files from companies it claims it has compromised but have not paid a ransom, and it now lists Visser on that site, together with excerpts of allegedly stolen data. In an effort to exert even more pressure on victims to pay, in part by trying to name and shame them in public, some ransomware groups are upping the ante by stealing data before they forcibly encrypt everything.

Maersk is preparing to make 150 job cuts at its UK command-and-control centre in Maidenhead - the one that rebuilt the global shipping giant's IT infrastructure after the infamous 2017 NotPetya ransomware outbreak. Company insiders told The Register they were first made aware of the situation in January, when confused staff found job adverts online for their own roles, posted by Indian outsourcer UCS, which is understood to be taking over the running of an outsourced CCC for Maersk.

Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting vulnerabilities that could give attackers complete control of sites. Researchers at NinTechNet found a vulnerability in the WordPress Flexible Checkout Fields for WooCommerce plugin, which enhances the popular WordPress ecommerce system with the ability to configure custom checkout fields using a simple user interface.

In its 2020 Global Threat Report, CrowdStrike found that bad actors are disabling endpoint protection and compromising WordPress sites to steal data and credentials. CrowdStrike's eport includes a threat landscape overview, ransomware threat assessment, e-crime trends and activity, and an update on intrusions from Iran, North Korea, China, Russia and other countries.

Individuals are expected to use unique username and password combinations to access dozens of protected resources every day - their social media accounts, banking profile, government portals and business resources. Some enterprises choose to improve password security by increasing their policies and requiring the inclusion of a greater number and diversified types of characters in passwords.

In this podcast recorded at RSA Conference 2020, we're joined by the ThreatQuotient team talking about a threat-centric approach to security operations, the evolution of threat intelligence and the issues surrounding it. We are here today with the ThreatQuotient team to talk about all things security operations, the human element of cybersecurity, and the evolving landscape of threat intelligence.