Security News > 2020 > April

Morrisons supermarket is not liable for the actions of a disgruntled employee who deliberately leaked nearly 100,000 employees' payroll data online, Britain's Supreme Court has ruled. Supreme Court judge Lord Reed ruled: "First, the disclosure of the data on the internet did not form part of Skelton's functions or field of activities," also decreeing that previous findings by the High Court and Court of Appeal were mistaken in law.

A vulnerability discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking devices running it. About OpenWRT. OpenWRT is an open source, Linux-based operating system that can be run of various types of networking devices instead of the software/firmware that vendors usually ship with them.

SecurityWeek today announced the launch of Security Summits, a new virtual event series designed to allow participants from around the globe to immerse themselves in a virtual environment to discuss the latest cybersecurity threats and challenges facing enterprise organizations. Through a cutting-edge platform, these virtual experiences enable security professionals to interact with other online attendees, speakers and sponsors, and visit networking lounges and sponsor booths.

A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports. Meant to help site owners get access to search engine optimization tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations.

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up....

San Francisco-based cloud security startup Panther Labs has launched the first stable version of its open-source security information and event management solution, Panther. Advertised as "a powerful alternative to traditional SIEMs like Splunk," Panther is self-hosted and it uses Python to analyze logs from popular security tools, and also includes support for analyzing cloud resources with policies to help discover vulnerable infrastructure and establish security best practices.

After re-Chroming its Edge browser last summer, Microsoft this week announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals. The third is called Password Monitor, a feature that will tell Edge users when usernames and passwords they've entered on a website have been found on the dark web.

Apple's latest update to macOS Catalina appears to have broken SSH for some users. The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works - for some users at least.

Marriott International has suffered a new data breach in mid-January 2020, which affected approximately 5.2 million guests. "Although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers," Marriott International stated.

Researchers have published proof-of-concept exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation. The critical flaw, described as "Wormable" and related to the way SMB 3.1.1 handles certain requests, affects Windows 10 and Windows Server versions 1903 and 1909.