Security News > 2020 > June


Nearly 1,000 vulnerabilities were found in popular open source projects in 2019, more than double compared to the previous year, according to a report published on Monday by risk management company RiskSense. RiskSense has analyzed 54 open source projects in which nearly 2,700 vulnerabilities were reported between 2015 and March 2020.

A Korean threat actor known as Higaisa has been employing malicious LNK files in recent attacks targeting organizations that use the Zeplin collaboration platform. Over the past several weeks, the hackers launched multi-stage attacks that employed malicious shortcut files and resulted in the delivery of decoy PDF documents, malicious scripts, and payloads.

The release of a fully functional proof-of-concept exploit for a critical, wormable remote code-execution vulnerability in Windows could spark a wave of cyberattacks, the feds have warned. Microsoft patched the bug tracked as CVE-2020-0796 back in March; also known as SMBGhost or CoronaBlue, it affects Windows 10 and Windows Server 2019.

The CFO of a small company that was the victim of a ransomware attack reveals why they paid the ransom to gain back control of their systems. TechRepublic's Karen Roby talked with the CFO of a small company in Kentucky that fell victim to a ransomware attack.

The CFO of a small company that was the victim of a ransomware attack reveals why they paid the ransom (in Bitcoin) to gain back control of their systems.

Researchers are warning of an ongoing phishing attack that's targeting the credentials of more than 100 high-profile executives at a German multinational corporation that's tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task force created March 30 by the German government and the private sector to procure personal protective equipment for healthcare workers on the front lines of COVID-19, such as face masks and medical equipment.

Some have claimed the Trump administration's concerns have more to do with losing the 5G arms race than anything else, but ostensibly its chief worries have been chalked up to security, with the US government claiming Huawei's 5G kit could be backdoored by Beijing. For its part, earlier this year, the UK's Department for Digital, Culture, Media & Sport labelled Huawei as a "High-risk" vendor over its perceived ties to the Chinese government, and issued strong new rules prohibiting carriers from using the firm's equipment within the core 5G network.

Security flaws in open source software have increased and can take a long time to be added to the National Vulnerability Database, says RiskSense. A report released Monday by vulnerability management firm RiskSense describes the impact of security vulnerabilities on OSS. For its report "The Dark Reality of Open Source," RiskSense found that the total number of CVEs in OSS is on the rise, more than doubling to 968 in 2019 from 421 in 2018 and 435 in 2017.

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers. Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites.