Freedom of Information coverup clerk stung for £2k after deleting council audio recording
2020-03-18 13:45

A town clerk in the English county of Shropshire has been the subject of the first ever successful Freedom of Information prosecution after lying to a member of the public who made an FoI request. She pleaded guilty last week to breaking section 77 of the Freedom of Information Act 2000 by deleting a recording of a council meeting that was requested under the Freedom of Information Act.

The Other Virus Threat: Surge in COVID-Themed Cyberattacks
2020-03-18 13:37

The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks designed to trick people into giving up their credentials, according to security researchers. The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances and eager for information about the virus and new organizational policies being implemented.

Barr: FBI Probing If Foreign Gov't Behind HHS Cyber Incident
2020-03-18 13:30

Attorney General William Barr vowed in an interview with The Associated Press on Tuesday that there would be swift and severe action if a foreign government is behind disinformation campaigns aimed at spreading fear in the U.S. amid the coronavirus pandemic or a denial of service attack on the networks of the Department of Health and Human Services. Barr told the AP the federal government would take action against anyone who was trying to take advantage of the crisis or against foreign governments that could be trying to spread misinformation and stoke fear or slow down the U.S. response to the virus.

Authorities Eye Using Mobile Phone Tracking COVID-19’s Spread
2020-03-18 13:28

Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious privacy concerns about the practice of using and sharing people's personal data during the time of a global health crisis. The government is mulling this potential compiling of people's personal and location-specific data with the purpose of mapping the spread of infection and using this knowledge to provide solutions to the problem, according to the report.

The Coronavirus is Already Taking Effect on Cyber Security – This is How CISOs Should Prepare
2020-03-18 13:00

Cynet has revealed new data showing that the Coronavirus now has a significant impact on information security and that the crisis is being actively exploited by threat actors. In light of these insights, Cynet has shared a few ways to best prepare for the Coronavirus-derived threat landscape and provides a solution to protect employees who are working from home on their personal computers because of the coronavirus.

Trend Micro fixes two actively exploited zero-days in enterprise products
2020-03-18 12:58

Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the latest software versions as soon as possible. CVE-2020-8467 is a critical flaw in the migration tool component of the two solutions that could allow remote attackers to execute arbitrary code on affected installations.

The Insecurity of WordPress and Apache Struts
2020-03-18 12:45

A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.

VMware patches virtualisation bugs
2020-03-18 12:38

Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines. VMware made its name offering server virtualisation products that recreate server hardware in software, allowing admins to run many virtual servers on the same physical box at once.

Uber to file federal suit against LA over users’ real-time location data
2020-03-18 12:25

Uber is poised to file a federal lawsuit over what the company considers to be Los Angeles's privacy-invading demands for real-time location data of its users. This isn't an answer - LADOT hasn't been able to give one - but in general, LA wants the data for a new data standard called the Mobility Data Specification.

DDoS attack on US Health agency part of coordinated campaign
2020-03-18 11:54

DDoS attacks come in different sizes and types and it's not been revealed which methods were used beyond the fact the attacks lasted for hours. These days, DDoS attacks are not the potent weapon they once were, primarily because large websites are protected by a newer generation of defences trained on a number of large attacks, hijacking a widening range of protocols.