Security News > 2020 > September

German authorities probing a cyber attack on a hospital's IT system that led to a fatal delay in treatment for a critically ill woman believe the software used can be traced back to Russian hackers. In an update to lawmakers published on Tuesday, prosecutors wrote that hackers used malware known as "Doppelpaymer" to disable computers at Duesseldorf University Hospital on September 10, aiming to encrypt data and then demand payment to unlock it again.

Thirty-nine percent of developers said the security team is responsible for securing apps, while 67% of AppSec practitioners said their teams are responsible, according to a new study. Seventy-five percent of application security practitioners and 49% of developers believe there is a cultural divide between their respective teams that could increase organizational risk, according to a new study by the Ponemon Institute and ZeroNorth, a provider of risk-based vulnerability orchestration across applications and infrastructure.

Organizations around the world face a shortage of IT security skills as a result of the coronavirus pandemic, with cybersecurity now the most in-demand technology skill in the world. A global survey of 4,200 IT leaders by tech recruiter Harvey Nash and KPMG found that four in 10 companies reported a rise in cybersecurity attacks, as workplaces moved from offices to the home.

Windows users looking to install a VPN app are in danger of downloading one that's been bundled with a backdoor, Trend Micro researchers warn. The trojanized installer is offered on third-party download sites and users who download and run it are unlikely to notice that something is wrong with it.

Microsoft has detailed the steps involved in the processing of vulnerability reports, so that reporting researchers know what to expect when submitting information on a bug. The portal, the tech company notes, delivers a secure and guided way for security researchers to share all of the necessary details required to reproduce a reported vulnerability and identify a fix for it.

The phones in trees seem to serve as master devices that dispatch routes to multiple nearby drivers in on the plot, according to drivers who have observed the process. They believe an unidentified person or entity is acting as an intermediary between Amazon and the drivers and charging drivers to secure more routes, which is against Amazon's policies.

In the absence of a working contact tracing app, the UK government has been forced to rely on manual data collection and human-powered tracing to identify potential cases of exposure to the Covid-19 virus. As this information is recorded and stored digitally, any concerns regarding an app-based approach to contact tracing also apply to manual contact tracing.

A United Kingdom national who was a member of 'The Dark Overlord' hacking group was sentenced to five years in federal prison, the United States Department of Justice announced this week. Wyatt admitted in a U.S. district court in St. Louis that, starting in 2016, he operated as a member of the hacking group known as The Dark Overlord, which compromised the networks of multiple companies, including those in the financial, healthcare, legal, film, and other sectors.

The new anti-clone/fake app capability is part of Pradeo Security In-App Protection service and complements shielding capabilities. A fake app is built from scratch and simply includes some part of the code of the app it's pretending to be or mimics its interface.

Join us on September 29 – and get ready for 2020’s OWASP Top 10 Webcast. OK, it’s only updated every three years or so, which means it’s not quite the same as breathlessly clustering around the...