Security News > 2020 > September

The Department of Homeland Security on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020. In its Emergency Directive 20-04, the DHS's Cybersecurity and Infrastructure Security Agency warns all federal agencies that applying Microsoft's patches is the only available mitigation for this critical vulnerability, aside from removing affected domain controllers from the environment.

Naked Security Live - here's the recorded version of our latest video. Enjoy.

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

Cyber threat intelligence sharing is a critical tool for security analysts. Common challenges for beginning a cyber threat intelligence sharing program.

Researchers at the National Institute of Standards and Technology have developed a new method called the Phish Scale that could help organizations better train their employees to avoid phishing. Many organizations have phishing training programs in which employees receive fake phishing emails generated by the employees' own organization to teach them to be vigilant and to recognize the characteristics of actual phishing emails.

According to the data, in H1 2020, 43 percent of the malicious mails on the radars of Group-IB Threat Detection System had attachments with spyware or links leading to their downloading. Ransomware, which in the second half of 2019 hid in every second malicious email, almost disappeared from the mailboxes in the first six months of this year with a share of less than 1 percent.

German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The attack, which exploited a Citrix ADC CVE-2019-19781 vulnerability to cripple the hospital systems on September 10, is said to have been "Misdirected" in that it was originally intended for Heinrich Heine University, according to an extortion note left by the perpetrators.

Among businesses taking part in the study, 33% plan to increase their IT budgets in 2021, compared to 44% in the prior year, while 17% of companies expect IT budgets to decline in 2021. Among the businesses increasing IT spend in 2021, the following factors will influence budget growth next year: Increased priority on IT projects, changes to business operations during COVID-19, and the need to support a remote workforce.

While the COVID-19 outbreak has disrupted the lives and operations of many people and organizations, the pandemic failed to interrupt onslaught of malicious emails targeting people's inboxes, according to an attack landscape update published by F-Secure. Increase of malicious emails utilizing COVID-19 issues.