Virtual Black Hat 2020 - The Latest in Security, From the Comfort of Your Armchair
2020-09-01 09:30

With the 2020 election looming, security is a hot topic. In the business hall, we saw vendors with new offerings to extend the corporate network and security into a user's home.

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers
2020-09-01 09:07

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.

(ISC)² research: Why cybersecurity is a great choice for an exciting career
2020-09-01 08:43

Cybersecurity is becoming increasingly important as more businesses collect, share, and use more data as part of their practice. You do not need to be a cybersecurity expert to understand that this is a booming industry.

North Korea ATM Hack
2020-09-01 06:17

This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command. Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise used by the North Korean government in an automated teller machine cash-out scheme - referred to by the U.S. Government as "FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks."

Someone's getting a free trip to the US – well, not quite free. Brit bloke extradited to face $2m+ cyber-scam charges
2020-09-01 06:01

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
2020-09-01 05:25

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months. The lifespan of SSL/TLS certificates has shrunk significantly over the last decade.

Security teams stretched to breaking point trying to secure new remote working regimes
2020-09-01 04:30

This has been intensified by the pandemic, with security teams stretched to breaking point trying to secure new remote working regimes against the influx of opportunistic cyberattacks. There is a human cost to this high-pressure environment and new research from SIRP shows that the additional burdens placed on security operations center teams due to COVID-19 have affected staff churn rates.

Safe domain: How to protect your enterprise from DNS hijacking
2020-09-01 04:00

In June 2020, the Japanese cryptocurrency exchange Coincheck reported that hackers gained access to its domain registrar provider and hijacked its coincheck.com domain name. The two incidents illustrate the growing threat of Domain Name System hijacking.

Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
2020-09-01 03:30

Agari reported average wire transfer loss from BEC attacks smashed all previous frontiers, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns. During the second quarter of 2020, the average amount of gift cards requested by BEC attackers was $1,213, down from $1,453 in the first quarter of 2020.

Bring your own PC and SASE security to transform global businesses
2020-09-01 03:00

Bring your own PC security will reach mainstream adoption in the next two to five years, while it will take five to 10 years for mainstream adoption of secure access service edge to take place, according to Gartner. The wide and sudden adoption of BYOPC has become a necessary security strategy which requires CISOs and security leaders to put in place specific security practices.