Security News > 2020 > June

A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.

Those running VMWare guest machines on Mac will want to update their software to get a security fix for VMware Tools. Earlier this month, Microsoft dropped its usual boatload of Patch Tuesday updates, sans a set for Office for Mac.

Amnesty International said Monday that software developed by Israeli security firm NSO Group was used to attack a Moroccan journalist, the latest in a series of allegations against the company. Amnesty said the Moroccan authorities used NSO's Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted in March over a social media post.

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30.

Hundreds of thousands of files belonging to more than 200 law enforcement organizations across the United States have been leaked online after they were stolen by hackers from a web development company. The leak, dubbed BlueLeaks, includes information collected and generated by over 200 police departments, fusion centers, the FBI and other law enforcement organizations in various U.S. states.

Microsoft has announced improved identity and access management protections for AccountGuard users in the United States, ahead of the 2020 elections. Now, Microsoft is announcing enterprise-grade identity and access management protections for AccountGuard users in the U.S., at no cost.

AMD last week said it was preparing patches for a vulnerability affecting the System Management Mode of the Unified Extensible Firmware Interface shipped with systems that use certain notebook and embedded processors. Discovered by security researcher Danny Odler in AMD's Mini PC and tracked as CVE-2020-12890, the vulnerability is one of the three issues reported in April, allowing an attacker to manipulate secure firmware and execute arbitrary code while avoiding detection.

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States. Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal information.

The COVID-19 pandemic and its impact on the world has made a growing number of people realize how many of our everyday activities depend on software. DevOps has become the software delivery methodology of choice for many organizations.