Security News > 2020 > May

We need to inform you of a security incident impacting your GoDaddy web hosting account credentials. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account.

A new botnet has been infecting internet of things devices and Linux-based servers, to then leverage them in distributed denial-of-service attacks. The malware, dubbed Kaiji, has been written from scratch, which researchers say is "Rare in the IoT botnet landscape" today.

It has released a free image for Raspberry Pi devices that transforms the single-board computer into a full-featured remote work appliance. ItPi is installed, businesses will be able to use their Raspberry Pi to enable remote access to Windows and Mac desktop computers, NAS devices, file servers, other in-office network assets, as well as aggregate those remote assets.

European law enforcement authorities say they have dismantled a cybercrime group named "InfinityBlack" after arresting several individuals in Poland and Switzerland. Europol said the site was run by a group that set up multiple platforms specializing in the sale of compromised login credentials.

Google has patched a vulnerability in its Android OS that could allow attackers to completely take over someone's device to install programs, steal or change data, or create new accounts with full privileges. The flaw was one of 39 vulnerabilities affecting Android OS builds that use older security profiles and are spread throughout various components of Android that the company fixed in its latest security patch, according to a security bulletin published Monday.

As governments race to develop mobile tracing apps to help contain infections, attention is turning to how officials will ensure users' privacy. Traditional methods involving in-person interviews of patients are time consuming and labor intensive, so countries want an automated solution in the form of smartphone contact tracing apps.

An analysis conducted by FireEye's Mandiant Security Validation team revealed that only a small percentage of attacks generate alerts and many intrusions are not detected by security solutions. The cybersecurity firm's experts determined that in many cases security tools are not optimized, which can be a result of unchanged default configurations, security events not making it to the security information and event management solution, unexpected infrastructure changes, the lack of tuning and tweaking after deployment, and the inability to force controls testing.

Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth. Just in time for World Password Day Thursday, password reuse remains rampant, with 53% of people admitting they use the same password for different accounts, which exemplifies poor password hygiene, according to a newly released report by identity company SecureAuth.

A report from LastPass, the password manager owned by LogMeIn, reveals "Cognitive dissonance" prevails because despite repeated warnings and breaches, which have a great financial and personal impact, most people are not practicing safe tech hygiene. If you use the same password at work as you do at home, your company's information is at risk.

Two-thirds of people recycle the same password or use variations on the same basic one, according to LogMeIn. Even though more than 90 per cent of people surveyed by the password manager biz said they knew it was risky to recycle passwords or light variations on a theme, 66 per cent of respondents admitted they "Always or mostly use the same password or a variation".