Google Responds to Warrants for “About” Searches
2020-10-13 11:20

The very nature of these searches requires mass surveillance. Homeland Security special agent Sylvette Reynoso testified that her team began by asking Google to produce a list of public IP addresses used to google the home of the victim in the run-up to the arson.

Microsoft and Other Tech Companies Take Down TrickBot Botnet
2020-10-13 10:44

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. Microsoft and its partners analyzed over 186,000 TrickBot samples, using them to track down the command-and-control infrastructure the malware employs to communicate with victim machines, and to identify the IP addresses of the C2 servers and other TTPs applied to evade detection.

Mozilla releases Firefox 81.0.2 to fix Twitter errors
2020-10-13 10:14

Mozilla released Firefox 81.0.2 today, October 13th, 2020, to the Stable desktop channel for Windows, macOS, Linux, and Android with a fix for a known issue preventing Twitter's website from loading. The issue affecting a large number of Firefox users caused the web browser to display blank pages or errors instead of loading Twitter pages on both desktop and mobile devices.

London Borough of Hackney suffers ‘serious’ cyberattack
2020-10-13 09:47

The city council systems for the London Borough of Hackney have been hit with a 'serious' cyberattack that impacts many of their services and IT systems. Not much is known about the attack, but in a press release to the borough's website, Mayor Philip Glanville stated that it was the Hackney Borough Council's IT systems that had suffered the attack.

Law Firm Seyfarth Shaw Hit by Damaging Ransomware Attack
2020-10-13 07:59

International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with a ransomware attack. Over the weekend, the company fell victim to a ransomware attack that spread aggressively across its network and forced it to shut down its email service and other systems.

Cloudflare One: A cloud-based network-as-a-service solution for the remote workforce
2020-10-13 07:03

Cloudflare released Cloudflare One, a comprehensive, cloud-based network-as-a-service solution for your workforce. Cloudflare One uses that same network scale to give businesses multiple on-ramps to the public internet from offices, to data centers, to employees in-the-field, and connects traffic to Cloudflare's comprehensive zero trust solution.

GitHub envisions a world with fewer software vulnerabilities
2020-10-13 05:00

"So much of the world's development happens on GitHub that security is not just an opportunity for us, but our responsibility. To secure software at scale, we need to make a base-level impact that can drive the most change; and that starts with the code," Grey Baker, GitHub's Senior Director of Product Management, told Help Net Security. The engine can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but since the Code Scanning feature is built on the open SARIF standard, it can also work with third-party analysis engines available from the GitHub Marketplace.

The brain of the SIEM and SOAR
2020-10-13 04:30

Because many organizations already have a SIEM, it seemed reasonable for the SOAR providers to start with automating the output from the SIEM tool or security platform console. So: Security controls send alerts to a SIEM > the SIEM uses rules written by the security team to filter down the number of alerts to a much smaller number, usually 1,000,000:1 > SIEM events are sent to the SOAR, where playbooks written by the security team use workflow automation to investigate and respond to the alerts.

In the era of AI, standards are falling behind
2020-10-13 04:00

Let us briefly discuss two aspects: First, the wide use of open source software gave us insight into a vast quantity of source code changes and the reasoning behind them. We see tools like GPT-3 and their applications in source code being discussed widely.

Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise
2020-10-13 03:44

An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots. Over the past two years, Ryuk has been responsible for a significant number of high-profile attacks, including incidents involving Pennsylvania-based UHS and Alabama hospital chain DCH Health System.