Security News > 2020 > October

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office after it discovered the credit reference agency was trading "Millions" of people's data for marketing purposes. Instead of issuing a monetary fine the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

Enso Security, a company that claims to have built the first application security posture management platform, emerged from stealth mode on Wednesday with $6 million in seed funding. Enso Security says it has developed a platform designed to help organizations manage application security at scale, providing all the capabilities the company's founders wished for as application security practitioners.

The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. Schrader examined a range of radiology systems that include an image archive system - PACS, or picture archiving and communication system.

Healthcare delivery organizations have been busy increasing their network and systems security in the last year, though there is still much room for improvement, according to Forescout researchers. The bad news? Some network segmentation issues still crop up and HDOs still use insecure protocols for both medical and non-medical network communications, as well as for external communications.

Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website. According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying Expression Engine content management system, which is an alternative to WordPress.

Microsoft disclosed today that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 summit. "The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries," Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft said earlier today.

The North Korean advanced persistent threat group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency. Kimsuky has been operating as a cyberespionage group since 2012 under the auspices of the regime in Pyongyang.

So we have halting the largest DDoS attack ever recorded; GameStop getting hit with DDOs attacks; etc. Some of these extortion attacks, there's about six or seven different vectors that are commonly used as part of these attacks.

UPDATE. Hackers took over President Trump's 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. "While the hacked page claimed that the threat actors responsible compromised"multiple devices" that gave them "full access" to internal and secret conversations" of "Trump and relatives," there is no evidence that these statements are true, according to the Trump campaign.

Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike. Microsoft Defender ATP is Microsoft's enterprise antivirus and threat monitoring solution that admins deploy on devices throughout an organization.