Security News > 2020 > July

Check out a developer's picks of 10 essential iOS apps, which focus on security, productivity, and more. Over the past 13 years, as iPhones and iPads have become fixtures in more users' lives, the number of apps and the Apple App Store ecosystem have expanded to offer services and apps that iOS users rely on each day.

A small study found that many cybersecurity professionals are only somewhat confident in their CISOs and never get enough training time, but they like their jobs, mostly. Enterprise Strategic Group and the International Systems Security Association released its fourth annual cooperative research report The Life and Times of Cybersecurity Professionals 2020.

A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research, the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.

At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce. Young continued, "At Black Hat 2020 I expect we'll hear most about XDR as threats have learned to not set off the known obvious alarms and blocking and are more stealthy as they move between traditional security silos. Related to that will be protecting a remote workforce, and the Mitre ATT&CK framework and more complex threat-hunting. Although the talks won't likely be labeled as such, cyber resilience will be a consistent thread reflecting the transformation that businesses and governments of all sizes had to undergo during the first half of this year."

CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. A CWT spokesperson declined to comment on whether the ransom was paid, or any technical details of the attack, or how it was able to recover so quickly.

The influence campaign does not merely spread false news content on social media platforms such as Twitter and Facebook, as other disinformation campaigns have done. "We have dubbed this campaign 'Ghostwriter,' based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content," according to FireEye researchers in a Thursday analysis.

Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome. "Biometric authentication is optional. You can choose to confirm your card with its CVC and you can also turn this feature on and off in Chrome Settings at any time," Google explains.

It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable. Completely patching BootHole is not an easy task as it will involve replacing vulnerable bootloaders and updating the Secure Boot revocation list to ensure that the old bootloaders cannot be executed, a process that requires collaboration between multiple software and hardware vendors.

Twitter has confirmed that the breach of several high-profile accounts that occurred on July 15 was caused by a phone spear phishing attack that targeted a small number of employees. Using the credentials of the affected employees, the attackers managed to compromise 130 different Twitter accounts, including those of Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, and Barack Obama, according to Twitter.

Email and data security provider Mimecast on Thursday announced the acquisition of messaging security company MessageControl. The acquisition, Mimecast says, will strengthen its Email Security 3.0 strategy, which seeks to provide enhanced security at email perimeter and beyond, and within the enterprise.