Security News > 2020 > June

IBM Research releases differential privacy library that works with machine learning
2020-06-29 13:20

The library "boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees," according to Naoise Holohan, a research staff member on IBM Research Europe's privacy and security team. Differential privacy allows data collectors to use mathematical noise to anonymize information, and IBM's library is special because its machine learning functionality enables organizations to publish and share their data with rigorous guarantees on user privacy.

Tens of U.S. Businesses Targeted With WastedLocker Ransomware
2020-06-29 12:34

At least 31 organizations in the United States have been targeted with the recently detailed WastedLocker ransomware, Symantec reports. Last week, NCC Group security researchers revealed that the WastedLocker ransomware is being deployed against carefully selected targets and that the SocGholish fake update framework and a custom Cobalt Strike loader are used for malware dissemination.

Nonprofit launches new programs to increase diversity in cybersecurity industry
2020-06-29 11:31

Larry Whiteside Jr. wants to solve the talent shortage in cybersecurity and open up economic opportunities to women, Black people, and Latinx people. As the latest president of the International Consortium of Minority Cybersecurity Professionals, he has a new list of priorities for the non-profit.

Yes, Prime Minister, rewrite the Computer Misuse Act: Brit infosec outfits urge reform
2020-06-29 11:30

British infosec businesses are celebrating the 30th birthday of the Computer Misuse Act 1990 by writing to Prime Minister Boris Johnson urging reform of the elderly cybercrime law. The Computer Misuse Act received Royal Assent on 29 June 1990, before "the concept of cyber security and threat intelligence research," the CyberUp campaign group said in its letter [PDF].

Magento 1 reaches EOL: Merchants urged to upgrade or risk breaches, falling out of PCI DSS compliance
2020-06-29 11:09

When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life and support on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1. "If you have a store that continues to run on Magento 1 after June 30, please be aware that from that date forward you have increased responsibility for maintaining your site's security and PCI DSS compliance," Adobe warned.

Microsoft Edge browser: This new password monitor helps keep your data safe
2020-06-29 10:56

The new Edge browser will soon warn you if one of your passwords shows up in a data breach - a feature based on an Azure service that enterprises can already use to protect user passwords. Browser extensions like PassProtect warn you if the password you're using to log into a site is known to have been compromised and listed in a data breach, often based on the excellent Have I Been Pwned service.

Satori IoT botnet author sentenced to 13 months in prison
2020-06-29 09:37

The coder who created the massive Satori botnet of enslaved devices and a handful of other botnets will be spending 13 months behind bars, the US Attorney's Office of Alaska announced on Friday. In September 2019, he pleaded guilty to operating the Satori botnet, made up of IoT devices, and at least two other botnets; to running a DDoS-for-hire service; to cooking up one of the evolving line of botnets while he was indicted and under supervised release; and to swatting one of his former chums, also while on supervised release.

Monday review – the hot 10 stories of the week
2020-06-29 09:32

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Russian Cybercriminal Gets 9 Years for Online Fraud Website
2020-06-29 08:19

A Russian computer hacker who facilitated $20 million in credit card fraud and ran a sophisticated clearinghouse for international cybercriminals was sentenced Friday to nine years in prison. Prosecutors say Aleksei Burkov of St. Petersburg, Russia, filled a unique niche in the world of cybercrime, describing his Direct Connection website as "the most exclusive criminal forum on the web." Would-be participants had to put up a $5,000 bond and have three existing members vouch for them.

Review: Qualys VMDR
2020-06-29 05:30

Where such a large number of distributed devices is involved, Qualys VMDR minimizes the hassle of tracking those assets and checking what patches and/or mitigations are missing, which pose a high risk to the organization. The recommended patches in the prioritization report take into account the supersedence of the patches and dynamically map patches to the vulnerabilities to identify the exact patch that will fix the vulnerability(s).