Security News > 2020 > March

For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key features on Pulsar's product roadmap.

MediaPRO, a leading provider of security and privacy training solutions, has announced a new partnership with BSI, the international business improvement company. The new alliance will enable BSI to offer its clients personalized privacy awareness and regulation specific training programs that can be tailored to their risk management priorities.

Nemko Group announced the acquisition of System Sikkerhet, a leading provider of assessment and consultancy services within the fields of information technology and cybersecurity. By acquiring a well-respected security certification solutions provider, Nemko will continue to fulfill the growing need for prompt and cost-effective solutions.

Exploring the risky behavior of IT security professionalsAlmost 65% of the nearly 300 international cybersecurity professionals canvased by Gurucul at RSA Conference 2020 said they access documents that have nothing to do with their jobs. Increase web application security without causing any user disruptionIn this podcast recorded at RSA Conference 2020, Jason A. Hollander, CEO, and Paul B. Storm, President at Cymatic, talk about how their platform builds a defensible barrier around the user, so web-based threats can be stopped at the source.

Mozilla is getting ready to remove support for the File Transfer Protocol from the Firefox web browser due to security concerns. The Internet giant aims to completely remove support for FTP in Chrome 82.

A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports. Most of the data, Diachenko says, appears to have been collected from previously known sources, but unrestricted access to such a collection would still represent a boon for cybercriminals, providing them with a great resource for phishing and identity theft.

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service attacks.

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service attacks.

Multiple zero-day vulnerabilities in digital video recorders for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread Chalubo, FBot, and Moobot botnets at least since August 30, 2019.