Security News > 2020 > May

ThousandEyes, the Internet and Cloud Intelligence company, announced that customer success veteran Trevis Schuh has joined the management team as VP of Customer Engineering to ensure unmatched customer satisfaction in post-deployment support and services. To further empower customers, ThousandEyes has also established the Office of the CTO with the appointment of Cameron Esdaile as VP of Technology and Innovation.

Is the future of information security and tech conferences virtual?While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. Understanding the basics of API securityThis is the first of a series of articles that introduces and explains application programming interfaces security threats, challenges, and solutions for participants in software development, operations, and protection.

"Such talk frightens people especially politicians who are shall we say not always the brightest or best the planet has to offer. However, we have to be careful. Because whilst we know there are going to be shortages in the food production side because some crops will not get grown due to lockdown. Rice is a big concern due to just how much of it is hand planted and is man power intensive to grow, protien foods such as"pork and poultry" have the same issue but they are also having their own pandemics as well. There is more than sufficient "food in storage to cover it and alternative food sources will be available.

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. WhatsApp security manager Claudiu Gheorghe in a previous filing identified 720 malicious attacks on WhatsApp from the IP address 104.223.76.220, a server in California provided by QuadraNet and allegedly run by NSO. QuadraNet did not immediately respond to The Register's request to clarify the account holder for that IP address.

Unusually, the sample propagated through the employee pool via the infected company's mobile device management server. Perhaps most damagingly, cyberattackers can gain complete remote control of the device by running the TeamViewer remote access application.

Cybercriminals have taken notice as well, increasingly lacing popular movie torrents with dangerous malware that can damage your device. In a recent thread on Twitter, Microsoft Security Intelligence wrote at length that the team saw malware attached to torrents for popular "John Wick 3" and "Contagion" in Spain, Mexico, and a number of South American countries.

A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.

Information security professionals are facing increasingly complex threats—some new, others familiar but evolving.

A new report from Kaspersky found that cybercriminals are using the increase in delivery demand to push convincing phishing emails into thousands of inboxes. "The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping statuses. Recently, we have observed a number of fake sites and emails supposedly from delivery services exploiting the coronavirus topic," Kaspersky Lab anti-spam analyst Tatyana Shcherbakova wrote in a blog post.

A newly discovered piece of Android malware is targeting the users of close to 300 financial applications across the United States and Europe, Cybereason Nocturnus security researchers warn. Dubbed EventBot, the threat appears to be newly developed, as its code differs significantly from that of other Android malware out there.