Security News > 2020 > July

Twenty percent of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies, Akamai said. Media companies are an attractive target for criminals and saw a 63% year-over-year increase in attacks against the video media sector, the report said.

The Android-powered Google Pixel line of phones received a very important updated feature dedicated to user's personal safety. Learn how to use the Safety Check feature.

A report released Thursday by security service Exabeam contends that cyberthreats and financial risks have increased as the pandemic spread during the first half of 2020. For "The Exabeam 2020 State of the SOC Report," Exabeam commissioned Censuswide to survey more than 1,000 IT security professionals at small and midsized companies in the US and UK. Among all the respondents, 80% said they experienced "Slightly to considerably more" cyberattack attempts in the first half of the year, breaking down to 88% in the US and 74% in the UK. A third of those surveyed were hit by a successful cyberattack during this period, triggering network downtime for 38% in the US and 40% in the UK. The pandemic has taken a financial toll as well, affecting security budgets and employees.

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.

Britain's cyber-security agency on Thursday accused a hacking group it said "Almost certainly" operates as part of Russian intelligence services of trying to steal research into potential coronavirus vaccines. The National Cyber Security Centre said the attacks by the group APT29 were ongoing but targets have so far included UK, US and Canadian vaccine research and development organisations.

Massively popular video conferencing platform Zoom has worked with cybersecurity company Check Point to resolve a glaring security issue centered on vanity URLs. Check Point researchers Adi Ikan, Liri Porat, and Ori Hamama said in a study that they worked with Zoom to identify two ways cybercriminals could exploit the widely used feature.

Email phishing attacks work by spoofing or referencing well-known topics that the attackers hope will arouse fear or concern or interest on the part of the recipients. To compile its "Q2 2020 Top-Clicked Phishing Report," KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests as well as "In-the-wild" email messages that employees received and reported to their IT departments as suspicious.

Researchers at Armorblox recently spotted a pair of savvy campaigns leveraging Amazon: A credential-phishing attempt using a purported Amazon delivery order failure notice; and a voice phishing attempt also using Amazon delivery order. Both are examples of the ever-more sophisticated phishing efforts being developed by fraudsters that are aimed at gaming traditional email security efforts, researchers said.

Google this week announced Assured Workloads for Government, a new Google Cloud service meant to address some of the unique challenges faced by government organizations adopting cloud technologies. Currently available in private beta, Assured Workloads for Government seeks to simplify the process of configuring applications for compliance, while also ensuring compatibility between commercial and government cloud.

A crucial online data arrangement between Europe and the US was invalidated on Thursday, as a top EU court decision over Facebook threw trans-Atlantic big tech into legal limbo. Schrems' legal assault began after revelations by Edward Snowden of mass digital spying by US agencies, which the EU court at the time said were incompatible with European norms on privacy.