Hacking Apple for Profit
2020-10-12 10:58

Five researchers hacked Apple Computer's networks - not their products - and found fifty-five vulnerabilities. They have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone's iCloud account and then do the same to the victim's contacts.

One year after server hackers left NordVPN red-faced, firm's first colocated setup is online
2020-10-12 10:18

NordVPN has hit the go-live button for the first of its colocated servers. The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting someone else's server in a data centre.

Britannia should rule the (cyber) waves, minister tells Singapore event in bid to drum up Commonwealth support
2020-10-12 08:30

A UK government minister has called for the country to "shape the standards of new technology" in a speech aimed at drumming up Commonwealth support for a cyber "leadership" role for post-Brexit Britain. Foreign Office minister James Cleverly told an invited audience at Singapore's International Cyber Week: "We must shape the standards of new technology to ensure individual security, safety and privacy," while pointing to "the rapidly expanding Internet of Things" as "a good example of where the UK and Singapore have both led initiatives to promote security in design."

Enterprise Solutions Provider 'Software AG' Hit by Clop Ransomware
2020-10-12 08:19

German enterprise solutions giant Software AG revealed last week that it had been targeted by cybercriminals with the Clop ransomware. Software AG operates across more than 70 countries around the world and it has over 5,000 employees.

A Self-Service Password Reset Project Can Be A Quick Win For IT
2020-10-12 07:37

Implementing a self-service password reset solution can be a quick win for IT staff who are now supporting both on-premises and remote workers and taking care of other normal daily tasks. According to analyst firms the Gartner Group and Forrester Research, between 20% and 50% of help desk calls are related to password resets, and a single password reset call can cost about $70. So, to put some context to those numbers, if your service desk triages 500 calls a month, potentially 250 of those calls are password related, accounting for $17,500 in support costs per month!

TrickBot botnet targeted in takedown operations, little impact seen
2020-10-12 07:00

The Trickbot operation started hitting serious snags towards the end of September when enslaved computers received an update that cut them off from the botnet by changing the command and control server address to 127.0.0.1. On October 10, The Washington Post reported that the U.S. Cyber Command carried out a campaign seeking to disrupt the Trickbot botnet ahead of the presidential elections.

How to build up cybersecurity for medical devices
2020-10-12 05:00

Healthcare delivery organizations have started demanding better security from medical device manufacturers (MDMs), he says, and many have implemented secure procurement processes and contract language for MDMs that address the cybersecurity of the device itself, secure installation, cybersecurity support for the life of the product in the field, liability for breaches caused by a device not following current best practice, ongoing support for events in the field, and so on. Gates is a principal security architect at Velentium and one of the authors of the recently released Medical Device Cybersecurity for Engineers and Manufacturers, a comprehensive guide to medical device secure lifecycle management, aimed at engineers, managers, and regulatory specialists.

The anatomy of an endpoint attack
2020-10-12 04:30

Take the massive Norsk Hydro ransomware attack as an example: The initial infection occurred three months prior to the attacker executing the ransomware and locking down much of the manufacturer's computer systems. What exactly are attackers doing with that time? How do they make their way onto the endpoint undetected?

SaaS adoption prompting concerns over operational complexity and risk
2020-10-12 04:00

A rise in SaaS adoption is prompting concerns over operational complexity and risk, a BetterCloud report reveals. With SaaS on the rise, 49 percent of respondents are confident in their ability to identify and monitor unsanctioned SaaS usage on company networks, yet 76 percent see unsanctioned apps as a security risk.