Security News > 2020 > July

A senior NSA official speaking to reporters last week said that telework infrastructure like VPNs have become a focus for malicious actors, which led the NSA to release a formal advisory on how to secure VPNs from cyberattacks. "VPN gateways tend to be directly accessible from the internet and are prone to network scanning, brute force attacks, and zero-day vulnerabilities," the NSA bulletin said.

G Data security researchers have identified a new ransomware family that attempts to spread using infected USB drives. Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago.

Configure your iOS Lock Screen to block those picking up your device from reading messages, viewing the Today View, or interacting with Siri unless your device is unlocked first. We spend a lot of time on our mobile iOS devices and it may seem that securing our devices with Touch ID and Face ID is all we need to protect our data.

The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to their repertoire, researchers said, using Magecart code. The analysis found that Lazarus was likely planting Magecart payment skimmers on major online retailer sites as early as May 2019.

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification. A new phishing campaign analyzed by the security provider Abnormal Security shows how the attackers are taking advantage of Twitter users to steal account credentials.

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs. At the low end of the list, malware tools aimed at a global audience sell on average for as little as $70. However, this particular batch is sold as low quality, slow speed, and a low success rate.

A former Yahoo! employee who admitted to hacking into the accounts of thousands of users was sentenced last week to five years of probation. The man, Reyes Daniel Ruiz, 35, of Tracy, California, pleaded guilty in September 2019 to hacking roughly 6,000 Yahoo! accounts, looking for sexual photos and videos.

The Purple Fox exploit kit has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks - and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit.

Miscreants have been nabbing British supermarket chain Tesco Clubcard discount codes to snap up Hotels.com rewards meant for holders of the retailer's loyalty cards. The 13-character discount code used the same first five characters, then three numbers for the discount amount, a colon, and then four final characters.

The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.