Security News > 2020 > March

US Health and Human Services targeted by DDoS scum at just the time it's needed to be up and running
In an impeccable instance of horrible timing, the US government's Department of Health and Human Services says it fended off a cyberattack by online scumbags. The attack - presumably not a load of citizens hitting Uncle Sam's web servers looking for information - did not, we're told, have any serious impact on operations, but with Americans desperate for information about the coronavirus pandemic, the attempted takedown came at the worst possible time.

The U.S. Department of Health and Human Services was targeted with a distributed denial-of-service attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. "Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks is low."

"The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities." Over the last decade, there have been dozens of devastating attacks on government systems and infrastructure by militaries, with the severity and impact increasing as the years go by.

Microsoft Edge is one of the least private web browsers - even more so than other popular browsers like Google Chrome and Mozilla Firefox - according to academic researchers. According to the analysis, from Douglas Leith with the School of Computer Science and Statistics at Trinity College in Ireland, Edge sends privacy-invasive telemetry to Microsoft's back-end servers - including "persistent" device identifiers and URLs typed into browsing pages.

Checkmarx, a provider of tools for testing source code for security issues, announced on Monday that private equity firm Hellman & Friedman has agreed to acquire a majority of the company from Insight Partners in a deal valuing Checkmarx at $1.15 billion. "Checkmarx enables organizations to deliver secure software faster, by making security excellence intrinsic to software development," Checkmarx explains.

If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away. The first thing you must do is enable two-factor authentication for your Nextcloud server.

Today, for modest amounts of money, would-be scammers can buy high-quality phishing tools online, through the Dark Web, enabling them to skip all the fuss and bother of actually learning how to code or do graphics or any of the other steps required to successfully scam someone. There the price of a phishing page averaged $338. Phishing - essentially stealing sensitive information like passwords, credentials, reset notifications and other forms of access through trickery - is the single most common form of online attack.

Organizations have fallen behind with the patching of a Microsoft Exchange Server vulnerability addressed with Microsoft's February 2020 Patch Day updates and already targeted in attacks. The issue, which exists because keys created at installation are not unique, is tracked as CVE-2020-0688 and impacts Microsoft Exchange 2010, 2013, 2016, and 2019.

The U.S. Department of Health and Human Services was the victim of a cyberattack on Sunday as the federal government attempts to deal with the coronavirus crisis, according to a report from Bloomberg. "The U.S. Health & Human Services fell victim to a Distributed Denial of Service attack yesterday when several endpoints controlled by a nation-state attacked their networks," Stephen Boyce, principal consultant at risk management and digital forensics firm Crypsis Group, said.