Security News > 2020 > July

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews
2020-07-31 07:55

The European Union has, for the first time ever, slapped sanctions on hacking crews. "Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," the EU said of the decision.

Cisco fixes critical flaws in data center and SD-WAN solutions
2020-07-31 07:28

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
2020-07-31 06:47

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens and its member states. The six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole
2020-07-31 06:25

"I poked about in the Zoom app and noticed the default passwords being six digits and numeric, meaning one million maximum passwords," Anthony explained in a write-up this week. While Anthony focused on the web client for his research, he believed the issue was present in all forms of the Zoom client.

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack
2020-07-31 05:27

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users' timelines polluted with a Bitcoin scam. "The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack," says a July 30 update to Twitter's incident report.

What are script-based attacks and what can be done to prevent them?
2020-07-31 04:30

As most endpoint security products handle file-based attacks relatively well, scripts are an excellent way for attackers to avoid making changes to a disk, thus bypassing the threat detection capabilities of most products. This article provides an overview of the current script threat landscape as well as the most common script attacks and methods.

How do I select an endpoint protection solution for my business?
2020-07-31 04:00

To select an appropriate endpoint protection solution for your business, you need to think about a variety of factors. As malicious actors target endpoints with new types of attacks designed to evade traditional endpoint prevention tools, organizations must seek out advanced endpoint detection and response solutions.

New infosec products of the week: July 31, 2020
2020-07-31 03:30

McAfee MVISION Cloud now maps threats to MITRE ATT&CK. With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming - especially as cloud-native threats become more abundant. Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud.

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
2020-07-31 03:10

Since measuring the time taken to execute cryptographic algorithms is crucial to carrying out a timing attack and consequently leaking information, the jitter on the network path from the attacker to the server can make it impractical to successfully exploit timing side-channels that rely on a small difference in execution time. The new method, called Timeless Timing Attacks by researchers from DistriNet Research Group and New York University Abu Dhabi, instead leverages multiplexing of network protocols and concurrent execution by applications, thus making the attacks immune to network conditions.

Lack of training, career development, and planning fuel the cybersecurity profession crisis
2020-07-31 03:00

The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG. Cybersecurity pros need a globally accepted career development plan.