Security News > 2020 > October

Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows. The 2016 presidential election was marked by meddling most notably from Russian agents who attempted to influence voters through disinformation on social media and other platforms.

Up to 78 percent of Microsoft 365 administrators do not have multi-factor authentication security measures enabled. A recent report by CoreView Research also found that 97 percent of all total Microsoft 365 users do not use MFA, shedding a grim light on the security issues inherent with the implementation of Microsoft's subscription service.

Microsoft has released the KB4577586 update to remove Adobe Flash from Windows and prevents it from being installed again. In September 2020, Microsoft announced that an optional update would be released in the fall to uninstall Adobe Flash Player and prevent it from being installed again on the same device.

Mozilla today started rolling out Firefox 82.0.1, a new version that fixes a known bug where the Windows installer displays unnecessary reboot prompts on some systems after it finishes the installation. "This would affect anyone running a full installer[.], provided they have at least one other Firefox installation in a directory other than the one that they just installed into," Mozilla engineer Molly Howell explained on the company's bug tracker.

A hacker attack against an upstate New York county's computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won't be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county's information technology director, said Monday.

Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. Aiming to help organizations mitigate innovation theft and supply-chain vulnerabilities, Strider offers a platform suitable not only for corporations, but also for government agencies and research institutions looking to identify, assess, and remediate state-sponsored economic espionage.

Multinational energy company Enel Group has been hit by a ransomware attack for the second time this year. In early June, Enel's internal network was attacked by Snake ransomware, also referred to as EKANS, but the attempt was caught before the malware could spread. On Octber 19th, a researcher shared a Netwalker ransom note with BleepingComputer that appeared to be from an attack on Enel Group.

Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach. In a notice of data breach filed with California's Office of the Attorney General, Fragomen is informing affected Google employees of a data breach that it discovered on September 24, and which has resulted in personal information being compromised.

A recent study by OpenVPN shows 90% of IT and Security pros believe that remote workers are not secure - and 70% say remote workers are a bigger data security risk than onsite ones. Remote work setups often introduce data security risks because of less secure home networks and personal devices.

How is retail security going to face different challenges this year, with how applications are being used and being vulnerable and things like that? But before we discuss that, do you want to talk a little bit about the state of software security report and some of the big takeaways and trends that you saw there? So we said, well, what what other factors are there? And so that's, that's something that when we looked at it, we thought about certain things that you just inherit, right? There's certain things that you don't really control, you don't control the size of your organization, the size of your application, the amount of security debt that you inherit, that's kind of like your nature, right? But then there are things that you do control, you control, how frequently you scan, what types of scanning that you use, different technologies, how regular your scan cadence is.