Security News > 2020 > October
GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices. While the malware authors previously focused their efforts on targeting Windows machines, a sample discovered by Kaspersky researchers last year shows that they are now adding macOS and Android support.
Google revealed last week that its infrastructure was targeted in a record-breaking distributed denial-of-service attack back in September 2017. In terms of bits per second, Google spotted the largest attack in September 2017.
Researchers are tricking autopilots by inserting split-second images into roadside billboards. Researchers at Israel's Ben Gurion University of the Negev previously revealed that they could use split-second light projections on roads to successfully trick Tesla's driver-assistance systems into automatically stopping without warning when its camera sees spoofed images of road signs or pedestrians.
The UK's data privacy watchdog on Friday slashed a fine imposed on British Airways over a cyber attack after taking into account coronavirus fallout on the embattled airline's finances. The UK Information Commissioner's Office said BA would be fined a "record" £20 million, considerably less than the proposed amount totalling £183 million.
Microsoft removed a Windows 10, version 2004 compatibility hold blocking devices with certain WWAN LTE modems from upgrading to the latest Windows version. A fix for the issue was made available with the release of the Windows 10 2004 KB4577063 non-security preview cumulative update.
Encryption is vital to protecting people's use of data, it says, alongside human rights activists in repressive regimes, journalists researching corruption, and all those good things. You cannot make an encryption system insecure without making it insecure.
Microsoft is top of the heap when it comes to hacker impersonations - with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. The top three phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple; on the web, it was Microsoft, Google and PayPal; and for mobile, WhatsApp, PayPal and Facebook took the top spots.
Last year, HackerOne had paid over $62 million in bug bounty rewards, with the figure surpassing $100 million this year according to the platform's latest report. Over the weekend, security professional Guido Vranken alleged that a vulnerability reported to Monero's bug bounty program run by HackerOne was a verbatim copy of his previously discovered exploit.
Since a typical vulnerability scanner needs to detect vulnerabilities in deployed software, it is not dependent on the language or technology used for the application it is scanning. We reviewed Netsparker Enterprise, which is one of the industry's top choices for web application vulnerability scanning.
FairWarning research, based on survey results from more than 550 global privacy and data protection, IT, and compliance professionals, outlines the characteristics and behaviors of advanced privacy and data protection teams. Despite increased regulations, breaches and privacy incidents, organizations have not rapidly accelerated the advancement of their privacy programs, as 44% responded they are in the early stages of adoption and 28% are in middle stages.