Security News > 2020 > August

An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations. In April, new technology "Capabilities" allowed authorities to probe the encrypted device.

Garmin, the GPS and aviation tech specialist, reportedly negotiated with Evil Corp for an decryption key to unlock its files in the wake of a WastedLocker ransomware attack. Sources reportedly shared photos with BleepingComputer of a Garmin computer with encrypted files with the.

The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends bring the Open Source Security Coalition and the Core Infrastructure Initiative under one roof. The CII is an existing Linux Foundation project that has wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm, and VMware, as well as most of the OpenSSF founder members mentioned above.

Its underlying truth is undeniable: today's technology, particularly at a time of wholesale digital transformation, has expanded the threat surface exponentially, and it keeps expanding all the time, frequently exceeding the bandwidth of human operators to triage which threats are more critical. Research from the North Carolina State University found that leaks of digital secrets - passwords, cryptographic keys, API, and access credentials to more than 100,000 private code repositories - take place on development platforms such as GitHub thousands of times a day.

The Linux Foundation announced the formation of the Open Source Security Foundation, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.

High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations. According to advisories published last week by the U.S. Cybersecurity and Infrastructure Security Agency, tens of factory automation products from Mitsubishi Electric are affected by three flaws that can be exploited for privilege escalation, arbitrary code execution and DoS attacks.

Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week's Black Hat USA 2020. Erez Yalon, the director of security research with Checkmarx, discussed why these critical vulnerabilities are a "Holy grail" for attackers, and explained how the bugs are indicative of overall application security trends that will be discussed this week at Black Hat USA 2020.

A report released Monday by network monitoring provider Gigamon looks at the use of mobile devices on business networks and the risks posed by mobile malware and inadequate security. The report also offers several pieces of advice on protecting your organization from mobile threats.

One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone. At BlackHat USA 2020, BlackBerry announced on Monday that its open-source internal tool PE Tree is now available for all security professionals to use for reverse engineering malware.

"We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts - failing to mention the company simply paid off criminal extortionists to end the attack. As we reported, Blackbaud paid a demanded ransom back in May before quietly notifying the world two months later.