Security News > 2020 > September

The FBI is worried that Ring doorbell owners can use footage collected from their smart devices to keep tabs on police, newly uncovered documents show. The FBI document outlines how Ring surveillance footage could present new "challenges" for law enforcement.

The American Payroll Association says user information was stolen after attackers managed to inject a skimmer on its website. A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification.

Network security policy management provider FireMon announced Tuesday that it has secured $40 million in debt financing from Silicon Valley Bank. Founded in 2004, FireMon serves over 1,700 enterprises in 70 countries and has more than 700 go-to-market partners globally.

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services.

The Tor Project, the research-education nonprofit organization that maintains software for the Tor anonymity network, has announced a membership program to secure funding that will allow them to "be more agile" when it comes to software development. "Because we are a software development organization, relying only on grant funding, forces us into a development model that is slow and archaic. We can never execute solutions immediately in an agile way or experiment quickly with possible paths. We want to change that so we can respond to issues and start projects faster. And we can do that by increasing the number and amount of unrestricted contributions to the Tor Project."

South Korea has indicted Samsung Group vice chairman Lee Jae-yong over his role in a 2015 merger that made him heir apparent to the multinational's empire. Samsung and Lee have denied the charges, which include alleged breaches of the country's Capital Markets Act and External Audit Act.

Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass anti-malware checks performed by macOS before installing any software. The first known instance of notarized macOS malware was discovered last week, by a college student who noticed that people who want to download Homebrew and make the mistake of entering the wrong URL are getting served with a warning saying their Adobe Flash Player is out of date and offering an update for download. Security researcher Patrick Wardle analyzed the served package and confirmed that it is not an update, but a notarized version of the macOS Shlayer adware, which doesn't get detected as malicious by Gatekeeper.

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July. Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.

Back in 2015 I wrote an article, right here in SecurityWeek, about process parity. Humans simply can't do the job, and process optimization is literally the only way you'll find the real baddie in all that noise.

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.