Security News > 2020 > October

Scammers have hatched a new way to attempt to bypass two-factor authentication protections on Facebook. The first step in the "Appeal?" The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters bypass 2FA. 2FA is an added layer of protection on top of a username and password that usually involves sending a unique code to a mobile device, which must be entered to access a platform.

Professor who specializes in security says we often treat a breach like a home break-in, adding security after the theft. I think companies and corporations moving forward, if they had cybersecurity experts to let them know that, "Your data is at risk or there are parts of data or your organization could be at risk. We need to secure this, and how do we secure this and how do we police this? And what are security policies?" Then I think the companies would be in a better position, not to say that we're going to eliminate that because it's just like your house.

Professor says companies shouldn't wait until they're breached before adding tight security. Students are rising to the challenge.

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments. KubeLinter is a static analysis tool that checks YAML files, which store configuration data for Kubernetes applications, to ensure that security best practices are followed.

Today multiple reports have emerged from Home Depot customers in Canada stating that the company had sent them hundreds of emails containing order information of strangers. The emails obtained by BleepingComputer reveal information such as the customer's name, order number along with QR code, pick-up store address-or in some cases the customer's home address, items in the order, and payment receipt containing the last 4 digits of the payment card number.

A former BAE Systems software engineer who allegedly leaked top-secret details about a frontline missile system also ignored orders from police to hand over passwords to his electronic devices, a court has heard. Simon Finch, of Swansea, is said by prosecutors to have emailed details of the unidentified missile system to nine separate addresses.

I think, you've seen kind of how bounty programs specifically have shifted over the past decade or so, are you finding that companies are becoming more open to launching bug bounty programs? To your point about the the current ongoing pandemic, I know that that has had several impacts across the board, but specifically as it relates to bug bounty, like, I know that like Zoom, having kind of that influx in its user base, was looking to what their own bug bounty program and how they could improve that to kind of keep up with the the vulnerabilities that were being processed there.

The advanced persistent threat known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla is a cyber-espionage group that's been around for more than a decade.

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants.

The Microsoft Defender Advanced Threat Protection endpoint security platform now provides users with a new report designed to help them keep track of vulnerable Windows and macOS devices within their organization's environment. The vulnerable devices report displays graphs with statistics and details on currently vulnerable device trends with the end goal of making it easier for IT administrators to grasp the scope and breadth of device exposure within the organization.