Security News > 2020 > May

The Czech Republic and the United States have signed a joint declaration Wednesday for cooperating on security of 5G technology. The Czech government office said the document was signed remotely by Czech Prime Minister Andrej Babis and U.S. Secretary of State Mike Pompeo.

Passwords have been a staple for account identity verification for years, but with passwords continually reused or becoming easier to guess, users are realizing how vulnerable the tactic can be. More than half of IT professionals believe that eliminating passwords would improve the security of their organization.

The startling prediction came from Tobias Ellwood MP, chairman of the Defence Committee, as he presided over a hearing on 5G security and Huawei's involvement. "To put it in cruder terms, Russia is going to become more subservient to China." He added: "If Russia understands the weaknesses, the vulnerabilities or the back doors that China provides, it can be Russia continuing to do those cyber attacks at the behest of China."

After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea.

BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.

Security firm Check Point has found evidence that a Chinese government-linked hacking group has been infiltrating and gathering information on governments from around the Asia-Pacific region for more than five years. The group, known as Naikon Advanced Persistent Threat was first discovered in 2015, and after a report went public that named one of its members the group went silent.

CrowdStrike's "World Security Index" also showed that 60% of employees use their personal devices as they work remotely, and, likely without the security of the company's cyber protection. Security changes are quickly needed because "There's no sign of these attacks slowing down, which aligns with the spike in remote working due to the pandemic," Yeager said.

Most of the networks Facebook took down last month were still trying to grow their audience or had a large portion of phony engagement on their pages - engagement that came from the networks' own, fake accounts. Last month, Facebook pulled down a total of 1,887 misleading accounts, pages and groups which it traced to eight networks.

Five alleged members of hacking group InfinityBlack got some unexpected visitors last week when Polish law enforcement arrested them. InfinityBlack was a hacking group that specialised in stealing and distributing sets of online credentials known as combos, especially for loyalty rewards points accounts.

Nearly a third of organizations in Europe and the Middle East still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, two years after the inventor of the complex static password admitted they don't work, according to Thales. This continued reliance on outdated security comes despite IT leaders revealing it is increasingly easier to sell the need for security to their boards compared to last year.