Security News > 2020 > March

Careless and malicious insiders, overly complex IT infrastructure and having an excess of privileged users continue to pose serious risks to the integrity of corporate cybersecurity practices, says Timothy Brown of SolarWinds. The most important steps that IT and security professionals should be taking now to protect their organizations.

SpyCloud is out with its annual credential exposure report, and the bad news is: Password reuse continues to leave enterprises open to breach and account takeover. Chip Witt of SpyCloud shares some of the key takeaways and analysis.

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised. The incident, which the company refers to as a "Sophisticated cyberattack," was clearly a ransomware attack, where cybercriminals managed to compromise systems within the contractor's environment and plant data-encrypting malware on them.

The company, which aims to help consumers improve their credit ratings, told customers that an external attack had compromised the two digits of bank account numbers used to make payments and the sort codes customers can use to unlock their savings. Loqbox works by a customer nominating a savings target and Loqbox creating an interest-free loan for that amount.

The mobile app of U.S. pharmaceutical retailer Walgreens inadvertently disclosed personal messages to other customers due to an internal application error, revealing some health-related information. Walgreens filed a copy of the data breach notification it has sent to affected customers with California's Office of the Attorney General, which makes those notifications public.

NVIDIA addressed the bugs in GPU Display Driver version 442.50, version 432.28, version 426.50, and version 392.59. For Tesla products running R418 versions, GPU Display Driver version 426.50 addresses the flaws.

Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

Last week was a big one for non-profit digital certificate project Let's Encrypt - it issued its billionth certificate. Publicly announced in November 2014, Let's Encrypt offers TLS certificates for free.

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. The Walgreens mobile application allows users to shop, refill their prescriptions, get pill reminders, consult a doctor or pharmacist via a live chat feature, print photos in stores, obtain rewards, and store coupons.

According to its maker, Trifo, the Ironpie home surveillance robot vacuum isn't just your dust bunnies' worst nightmare. It's true, the artificial intelligence -enhanced internet of things robot vacuum can indeed be connected to the internet via Wi-Fi, can be controlled remotely for vacuuming, and can remotely stream out video showing its surroundings, given that - like other IoT gadgets - it comes equipped with a video camera.