Security News > 2020 > April

Amazon Detective is a new security service that makes it easy for customers to conduct investigations into security issues across their AWS workloads. Amazon Detective automatically collects log data from a customer's resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help customers analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "Vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.

That's a good thing because miscreants hijacking unprotected Zoom calls is a thing. When we say end-to-end.... Despite Zoom offering a meeting host the option to "Enable an end-to-end encrypted meeting," and providing a green padlock that claims "Zoom is using an end to end encrypted connection," it appears that the company is able to access data in transit along that connection, and can also be compelled to provide it to governments.

Identity fraud affects around one in 15 people in the US and has never been higher in the UK. The fraudsters have built their own subculture as new tools and channels lower the bar for entry. While it seems surprising, there is a way to turn identity fraud into a positive customer experience.

Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. This gives rise to a new security paradigm - Autonomous Breach Protection, a technology that delivers a full protection cycle from cyber threats and enables any organization to be secure, regardless of its security team is on-site or working remotely.

With half of Americans lacking confidence in companies and government when it comes to protecting personal information, it's no surprise three-quarters are more alarmed than ever about their privacy, according to a research from NortonLifeLock. Americans are split on who should be held most responsible for ensuring personal information and data privacy are protected.

The State of Western Australia has given itself the power to install surveillance devices in homes, or compel people to wear them, to ensure that those required to isolate during the coronavirus crisis don't interact with the community. It outlines the monitoring regime, and the fact that the State Emergency Coordinator has the power to require use of surveillance hardware.

"To combat ransomware and other threats, I advise IT security organizations to invest wisely in products that continuously discover and patch vulnerabilities, uncover advanced threats using machine learning and artificial intelligence, and continuously back up their data everywhere." The report found 85 percent of organizations are experiencing a shortfall of skilled IT security personnel, and survey respondents cited "Lack of skilled personnel" as their biggest obstacle to adequately defending against cyberthreats.

The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com. In a statement shared with KrebsOnSecurity, GoDaddy acknowledged that on March 30 the company was alerted to a security incident involving a customer's domain name.

"Whether in the IoT or on social networks, there are many circumstances where old information is circulating and could cause problems - whether it's old security data or a misleading rumor," says Wenye Wang, co-author of a paper on the work and a professor of electrical and computer engineering at NC State. "Ultimately, our work can be used to determine the best places to inject new data into a network so that the old data can be eliminated faster," says Jie Wang, a postdoctoral researcher at NC State and first author of the paper.