Security News > 2020 > March

Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. "One reason for this decline is that our new protections are working-attackers' efforts have been slowed down and they're more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt," Google says.

KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots. The coronavirus pandemic is affecting every aspect of our lives and dozens of companies are chipping in to help those affected most by the current crisis.

Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited. According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 and Silence - the company previously found links between the two groups - targeted at least two pharmaceutical and manufacturing companies in Belgium and Germany in late January.

A run-down of Cisco's 2020 CISO Benchmark Report.

U.S. Sen. Mark R. Warner this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts. The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.

Nextcloud allows you to enforce groups to use two-factor authentication. With Nextcloud Hub you can enable 2FA globally, for individuals, or for groups.

With so many people and organizations using Microsoft Office 365, phishers who exploit this brand can target a vast amount of people as a way to steal their account credentials, as described by Vade Secure. Phishing attacks that exploit Office 365 come in different varieties, according to Adrien Gendre, chief solutions architect at Vade Secure.

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account. I've covered the installation and setup of this app in my post, How to use the Firefox Multi-Account Containers extension.