Security News > 2020 > June
Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system in an attempt to help malware gain persistent/extended access.
DevOps company GitLab on Thursday announced the acquisition of software security testing firms Peach Tech and Fuzzit in an effort to expand its DevSecOps offering. Seattle-based Peach Tech has developed two major products: Peach Fuzzer, which helps developers find vulnerabilities in their code, and Peach API Security, which provides automated security testing for web APIs.
A blog post published Wednesday by Google explains what the company is doing to fight coronavirus-related attacks and what users can do to protect themselves as well. Implementing proactive monitoring for COVID-19-related malware and phishing emails, Google said that most of the observed threats are not new but are simply repackaged malicious campaigns designed to exploit all the attention on the coronavirus.
COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds. The report found that the shift to remote work has been massive: There has been a 39% decrease in companies with less than 25% of their staff working remotely, and a whopping 250% increase in companies with more than three-quarters of their full-time employees working from home.
Multistage targeted ransomware attacks against critical infrastructure, designed to maximize damage and recovery costs, are increasingly common. The attack was captured by Cybereason's 2020 honeypot research.
Kaspersky this week released a threat intelligence solution designed to help with the attribution of malware samples to known advanced persistent threat groups. The new Kaspersky Threat Attribution Engine, a commercial product available globally, uses a proprietary method to match malicious code against a malware database and link it to APT groups or campaigns based on code similarities.
There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. The new SGX attacks are known as SGAxe and CrossTalk.
The observed attack, Microsoft reveals, was aimed at mining for cryptocurrency using Kubernetes clusters, which is not surprising, given the fact that some nodes used for ML tasks are often relatively powerful, and in some cases include GPUs. "By exposing the Service to the Internet, users can access to the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, which allows anyone to perform operations in Kubeflow, including deploying new containers in the cluster," Microsoft explains.
Crypto scammers hijacked three YouTube channels to impersonate Elon Musk's SpaceX channel, offering bogus BTC giveaways that earned them nearly USD $150,000 over the course of two days. According to Bleeping Computer and the reports filed in the BitcoinAbuse database, the scammers took over legitimate YouTube accounts and changed the branding to look like that of Elon Musk's rocket company.
Personal information of police officers in departments nationwide is being leaked online amid tense interactions at demonstrations across the U.S. over the police custody death of George Floyd and others, according to an unclassified intelligence document from the U.S. Department of Homeland Security, obtained by The Associated Press. Multiple high-ranking police officials in a number of cities, including Washington, Atlanta, Boston and New York have had their personal information shared on social media, including their home addresses, email addresses and phone numbers, the report warns.