Security News > 2020 > March
UPDATE. Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. According to CyberArk, it found the bug in September and Microsoft "Unintentionally" fixed it within two weeks as part of a regular update to its Azure platform.
Under the strain of the COVID-19 global pandemic, we're seeing a great number of people rise up to help others. People working from home depend on Wi-Fi routers that may not be secure;.
Released on Wednesday, Radware's report Coronavirus: Security Recommendations For Remote Access Threats explains how to safeguard your organization against remote access threats. VPNs. Remote workers rely on VPNs to gain secure access to an employer's network.
In its blog post released Tuesday, A Life of Cybercrime: The Inside Story of How a Nigerian Hacker Earned over $100,000, Check Point told the tale of a man referred to as "Dton." Single, 25 years of age, and a resident of Benin City in Southern Nigeria, Dton seems like a model citizen on the surface. Active for more than seven years, Dton has managed to rake in at least $100,000 from his illegal trade and likely several times that amount-a substantial income in light of the minimum wage and average salary in Nigeria, according to Check Point.
Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a "High severity" rating. The high-severity vulnerabilities - all of them reported to Cisco by Orange Group - are caused by insufficient input validation.
Two of these vulnerabilities are under active attack. The first of two flaws under attack is a critical vulnerability that exists in the migration tool component of Apex One and OfficeScan.
Ransomware attacks are still happening, and more employees need to be trained on how to prevent them. TechRepublic's Karen Roby spoke with Rahul Kashyap, president and CEO of Awake Security, about the prevalence of ransomware and how to prevent it.
Ransomware attacks are still happening, and more employees need to be trained on how to prevent them.
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
Researchers from Cybereason Nocturnus have been tracking the rise and variety of such attacks, which now include phishing, fake apps and ransomware. Beyond phishing, criminals have targeted home workers with fake apps offering coronavirus information, and false VPNs taking advantage of corporate advice to stay home and use VPNs. Reason Labs' Shai Alfasi found a fake 'coronavirus map' offering information on the spread of the pandemic, but hiding an AZORult-related infostealer.