Security News > 2020 > September

Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. They pointed out that there is in fact, a real CNBC article about coronavirus-related Facebook grants, but the legitimate program is for small businesses, not individuals.

Samsung brags to advertisers that "First screen ads", seen by all users of its Smart TVs when they turn on, are 100 per cent viewable, audience targeted, and seen 400 times per TV per month. "Dear Samsung, why are you showing Ads on my Smart TV without my consent? I didn't agree to this in the privacy settings but I keep on getting this, why?" said a user on Samsung's TV forum, adding last week that "There is no mention of advertising on any of their brand new boxes".

According to the 2020 Insider Threat Report by Cybersecurity Insiders, the biggest enabler of insider attacks is the fact that in 61% of incidents the perpetrator had elevated access privileges to sensitive data and applications. Traditional perimeter security will not protect against over privileged insiders that want to access critical data.

Identity in a remote world has taken on added importance for cybersecurity leaders speaking in a webinar on the state of security and the evolving role of CISOs at VMworld 2020. "As security leaders, we have to make sure we don't make it a guessing game for employees, and they don't feel they have to be security experts." Sanders said his security team is building architecture and tools so that employees only need to think about whether they are doing their job.

It further highlighted resiliency as one of the key objectives of security programs to help businesses maintain productivity and drive competitive advantage. We now know how much is possible when we think of security within the context of enabling the business.

On Tuesday, Microsoft released its annual Digital Defense Report providing a glimpse of the trends shaping the cybersecurity landscape during the last year. The Digital Defense Report analyzes cybersecurity threats from the second half of 2019 through the first half of 2020.

A report published on Wednesday by security provider Kaspersky looks at how businesses have managed their cybersecurity in the face of IT budget cuts for 2020. The slice of the budget devoted to cybersecurity has risen, growing to 29% this year from 26% last year for enterprises, and to 26% this year from 23% last year for SMBs. Further, more than 70% of the respondents said they expect their cybersecurity budget to continue to increase over the next three years.

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.

Enterprise application access provider Axis Security this week announced that it has raised $32 million in Series B funding, which brings the total raised by the company to $49 million. The San Mateo, California-based firm was founded in 2018 and emerged from stealth in March this year, aiming to help organizations provide employees with easy and secure access to internal applications even when working from home.

A U.S. district judge has dismissed New Mexico's privacy claims against Google over privacy concerns, but New Mexico's top prosecutor vowed Monday to continue the legal fight to protect child privacy rights. "The law is clear that Google must protect our children's privacy, and we strongly disagree with the court's ruling," New Mexico Attorney General Hector Balderas said in a statement to The Associated Press.