Facebook Messenger may ban mass-forwarding of messages
2020-03-24 12:09

Facebook Messenger may ban mass-forwarding of messages in an effort to lasso the runaway forwarding of COVID-19 fake news and rumors, it confirmed on Sunday. A Facebook spokesperson confirmed that the company's working on limiting the spread of misinformation on Messenger.

Russia’s FSB wanted its own IoT botnet
2020-03-24 12:01

If you thought the Mirai botnet was bad, what about a version under the control of Russia's military that it could point like an electronic cannon at people it didn't like? That's the prospect we could face after the reported emergence of secret Russian project documents online last week. The documents, which come from hacking group Digital Revolution but haven't been verified, suggest that Russia's Federal Security Service has been working on an internet of things botnet of its own called Fronton.

Microsoft Defender for Linux is coming. This is what you need to know
2020-03-24 11:57

When Defender came to macOS as well as Windows, Microsoft announced that the name of the software was changing, from Windows Defender to Microsoft Defender. "One of the main reasons for doing this is to connect this protection into your enterprise system. Defender is about end-to-end protection for endpoint devices in your environment - it's plugged into Defender ATP as an EDR system, the signals are showing up in one consistent dashboard and it's detecting events and attacks, and providing security teams and SOC analysts with the tools they need to understand that bigger picture," he says.

Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it
2020-03-24 11:04

On Monday morning a netizen with the handle IceJi publicly revealed the presence of a bug that could be exploited to crash the software: specifically, the flaw is a buffer overflow in the binary protocol header in memcached versions 1.6.0 and 1.6.1. Developers were not warned of the bug prior to the public disclosure.

Internet Voting in Puerto Rico
2020-03-24 11:01

Puerto Rico is considering allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill.

Hackers try to breach WHO, other COVID-19-fighting orgs
2020-03-24 10:57

"Elite" hackers tried - and failed - to breach computer systems and networks of the World Health Organization earlier this month, Reuters reported on Monday. The Canadian Centre for Cyber Security has also been warning Canadian health organizations about cyber criminals and spies.

Feds shut down bogus COVID-19 vaccine site
2020-03-24 10:05

On Sunday, the US Department of Justice announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion and widespread fear surrounding COVID-19 - by promising to ship coronavirus vaccine kits that don't actually exist. There are currently no legitimate COVID-19 vaccines and the WHO is not distributing any such vaccine.

What’s preventing organizations from making pragmatic security decisions?
2020-03-24 06:30

"It is hard or impossible to predict just how many times of skipping a good brushing it takes to get you in trouble with tooth pain, so we tend to take on more risk until we end up getting toothache and regret not investing enough on proactive maintenance," Ehsan Foroughi, Vice President of Products at Security Compass, told Help Net Security. "Proper security hygiene, when done in the traditional way, gets in the way of agility and creates the dilemma: should we take on risk to move fast in the business, or should we slow down and do the right thing? Unfortunately, human nature pushes many to choose the fast and risky approach which leaves them with a ticking time-bomb of a security incident waiting to happen."

How to Provide Remote Incident Response During the Coronavirus Times
2020-03-24 06:12

IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by physically arriving at the customers' offices is impossible. Cynet 360, a tool of choice for a number of IR providers, enables responders to compensate for the lack of physical access with the ability to conduct a full IR operation remotely through seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services.