Security News > 2020 > June

Mitsubishi Electric and its subsidiary ICONICS have released patches for the vulnerabilities disclosed earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems. White hat hackers earned a total of $280,000 for the exploits they demonstrated at the Zero Day Initiative's Pwn2Own contest in January, including $80,000 for vulnerabilities found in ICONICS's Genesis64 HMI/SCADA product.

Nearly three-quarters of IT professionals haven't increased their company's security posture during the COVID-19 pandemic - while 90 per cent highlighted remote working as a security risk, according to a survey. On the bright side, half of those people reckoned that remote working from home has increased productivity across the board while a further third said it was at about the same level as it was pre-coronavirus.

We've been receiving loads of survey scam emails lately - and you probably get heaps of these, too. Many brands ask questions of that sort, and sometimes offer small rewards for people who take the trouble to fill in the survey - $5 off your next purchase, for example, or a free product of modest value with your next order.

New Zealand police revealed Monday they had frozen NZ$140 million in assets linked to a Russian man accused of laundering money for organised crime using cyber currency. Police said they acted after discovering funds belonging to Alexander Vinnik, who is in custody in France facing fraud charges, were being held in a New Zealand company.

Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence. A recent phishing attack observed by Darktrace used all of those methods in an attempt to deploy malware.

Microsoft announced on Monday that it has acquired industrial cybersecurity company CyberX in an effort to expand its Azure IoT security capabilities and extend them to industrial IoT and operational technology systems. Rumors of the acquisition emerged just weeks after CyberX announced new integrations with Microsoft Azure Security Center for IoT in an effort to provide organizations a unified view across their IoT devices.

An attacker with physical or privileged access to certain AMD-powered systems could exploit the flaws to execute arbitrary code or take control of the firmware. AMD, which dubs the flaws "SMM Callout Privilege Escalation" bugs, released a fix for one of the three, CVE-2020-14032, on June 8.

Visa said it created the Advanced Identity Score to reduce the amount of digital identity fraud. The company described Advanced Identity Score as an effort to combine "Visa's artificial intelligence and predictive machine learning capabilities with application and identity related data to generate a risk score for new account applications to help reduce fraud, prevent negative impact to brand loyalty and trust, and eliminate operational costs due to remediation."

A stored cross-site scripting vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes. Researchers at industrial cybersecurity company OTORIO discovered that the PI Web API 2019 component of PI System is affected by a stored XSS vulnerability that allows an attacker with limited privileges on the targeted system to conduct various types of activities.

An IBM survey of professionals new to working remotely finds those employees pose serious security risks - and it may not be their fault. The report surveyed more than 2,000 people new to working at home due to the COVID-19 pandemic, and found that while 80% are confident in their organization's ability to handle cyberthreats that arise due to remote work, 45% also said that they haven't received any additional security training since going remote.