
Vulnerable supply chains introduce increasingly interconnected attack surfaces
2020-10-02 17:34

Financial institutions have interdependent supply chains that offer a "broad, target-rich attack surface that adversaries can undermine," a new report from Accenture warns. Supply chains, which introduce increasingly interconnected attack surfaces.

LatAm Banking Trojans Collaborate in Never-Before-Seen Effort
2020-10-02 16:43

Virus Bulletin 2020 - A loose affiliation of cybercriminals is working together to author and distribute multiple families of banking trojans in Latin America - a collaborative effort that researchers say is highly unusual. Multiple, distinct malware families have plagued Latin American banking customers for years - the variants include Amavaldo, Casbaneiro, Grandoreiro, Guildma, Krachulka, Lokorrito, Mekotio, Mispadu, Numando, Vadokrist and Zumanek, according to ESET. In examining these families over time, ESET researchers began to notice "some similarities between multiple families in our series, such as using the same uncommon algorithm to encrypt strings or suspiciously similar DGAs to obtain C2 server addresses," according to a Thursday analysis.

Let's talk about data security in the age of the 'new normal' with folks from FireEye, Microsoft, Splunk – and more
2020-10-02 16:00

After six months of the so-called new normal, are you ready to take a breath? Or are you acutely aware that the real threats to your organization are only now becoming clear? The shift to home and remote working has ripped off the band-aids companies have been slapping over long-ignored vulnerabilities, and forced them to confront data security and compliance challenges head on.

Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M
2020-10-02 15:17

Facebook has detailed a wide-scale Chinese malware campaign that targeted its ad platform for years and siphoned $4 million from users' advertising accounts. Once installed, SilentFade stole Facebook credentials and cookies from various browser credential stores, including Internet Explorer, Chromium and Firefox.

Complexity has broken computer security, says academic who helped spot Meltdown and Spectre flaws
2020-10-02 15:15

Gruss and his colleagues discovered some of the biggest recent security snafus, including the Meltdown and Spectre microprocessor design flaws, a working Rowhammer exploit, attacks on Intel SGX including Plundervolt, and many more besides. The assistant professor also advanced his theory that as Moore's Law runs out, we'll use more and more systems with more and more processor and accelerator cores all interacting with each other, which means even more security risk.

Enterprise Device Security Company Eclypsium Raises $13 Million
2020-10-02 14:31

Cloud-based enterprise device security platform provider Eclypsium on Thursday announced raising $13 million in an oversubscribed funding round. To date, the company has raised a total of $25 million.

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
2020-10-02 14:01

So I scrolled up to one of the SGI systems, typed in LP, hit enter and said, "Thanks, I don't need to log on. I already got one." My manager swung around on his chair and he goes, "How did you do that?" And I said, "I know IRIX systems have an LP account that has no password by default on all the systems." And he looked at me and he says, "Would you be willing to do security for us?" And I said, "I was hoping you'd say that." So from then on, I was the unofficial penetration tester for this network that was literally untouched by any security person, I think ever. He's like, you understand that, that, you know, security is important.

Report: Despite more cyberthreats during COVID-19, most businesses are confident about cybersecurity
2020-10-02 13:59

Seventy percent of major organizations were strategizing to pour more money into cybersecurity efforts as a result of the coronavirus pandemic, according to a report in May. Gartner has predicted that, despite COVID-19, total global spending on cybersecurity will hit $123.8 billion in 2020. A new report, CompTIA's State of Cybersecurity 2020, took the temperature of how the enterprise has responded to security during COVID-19, surveying 425 US businesses.

Wacky Indoor Amazon Drone Takes on Privacy Skeptics
2020-10-02 13:42

It could be the wackiest product yet from Amazon - a tiny indoor drone which buzzes around people's homes as a security sentry. Amazon says the tiny drone is "built with privacy in mind" and operates at the direction of its customers.

Cybercriminals Have Shifted Their Attack Strategies. Are You Prepared?
2020-10-02 13:27

Recent threat research shows that during the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote workers. Cybercriminals understand this and have modified their attack strategies accordingly.