Security News > 2020 > September

McAfee announced the appointment of Venkat Bhamidipati as executive vice president and chief financial officer effective September 2, 2020. Bhamidipati joins McAfee from Providence, a healthcare company with $25B in annual revenues, where he was executive vice president and chief financial officer.

"Segra is fortunate to have such talented and experienced leaders join our team in such critical positions," said Tim Biltz, Chief Executive Officer. "We're welcoming Tanya as Segra's first Chief People Officer and Bruce as our Chief Information Officer. I'm looking forward to Tanya helping us strengthen our customer-first culture that allows our employees to best serve our customers while finding fulfillment in their jobs and careers."

Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program. Google added product abuse risks to its Vulnerability Reward Program two years ago and says that more than 750 such issues have been identified since.

The U.S. government's cybersecurity agency is now requiring federal agencies to implement vulnerability-disclosure policies, which would give ethical hackers clear guidelines for submitting bugs found in government systems, by next March. The new directive by the Cybersecurity and Infrastructure Security Agency aims to change this by requiring agencies to publish policies with detailed descriptions of which systems are in scope, the types of testing that are allowed and how ethical hackers can submit vulnerability reports.

The average wire-transfer loss from business email compromise attacks is significantly on the rise: In the second quarter of 2020 the average was $80,183, up from $54,000 in the first quarter. That's according to the recently released Anti-Phishing Working Group's Phishing Activity Trends Report [PDF], which pointed out that the rise in dollar amounts could be driven largely by one Russian BEC operation, which has been targeting companies for an average of $1.27 million per effort.

A previously undocumented malware family called KryptoCibule is mounting a three-pronged cryptocurrency-related attack, while also deploying remote-access trojan functionality to establish backdoors to its victims. Looking at timestamps in the various versions of KryptoCibule that ESET has identified, the malware dates from December 2018, researchers said.

A new Malicious Domain Blocking and Reporting service will help organizations improve security by preventing IT systems from connecting to malicious domains. Launched through a partnership between the U.S. Department of Homeland Security's Cybersecurity Infrastructure Security Agency, Center for Internet Security, and Akamai Technologies, the MDBR service adds another layer of Domain Name System security to help organizations protect applications.

The 2020 Phishing Attack Survey gleaned insights into the phishing landscape in August from 317 IT and cybersecurity professionals in the US, finding that email phishing attacks have become more successful during the COVID-19 pandemic. Despite only 6% of phishing attacks resulting in a breach, 36% of respondents said they were not confident that employees at their organizations would be able to spot and avoid an email phishing attack in real-time.

Recent attacks targeting QNAP Network Attached Storage devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say. Analysis of the QNAP NAS vulnerability revealed that it resides in the CGI program /httpd/cgi-bin/authLogout.

A recently identified adware campaign targeting macOS users is leveraging malicious code that has received Apple's approval. The approval, or notarization, as Apple calls it, is an automated process through which software is scanned before reaching macOS users, to ensure that it does not include malicious code.