Security News > 2020 > October

Over the past two weeks, Sam's Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks. In emails sent out to Sam's Club members, and seen by BleepingComputer, the company is alerting members that an unauthorized party may have gained access to their accounts.

With the shift to remote working, you now need to protect and secure all the employees, data, and devices outside the normal physical confines of your business. A report published Thursday by business VPN provider NordVPN Teams explores the risks of poor cybersecurity and offers tips on how to better protect your organization in this new remote working climate.

A new report from the industrial cybersecurity company Claroty details how US IT and OT security professionals see their organization's more of a target since early March, when the US pandemic shut down industry. Claroty's report, "The Critical Convergence of IT and OT Security in a Global Crisis," revealed that 60% of respondents believe their CISO demonstrated good leadership in the midst of a crisis, but also found that 86% said their organization's leadership made cybersecurity a priority during the pandemic and implemented appropriate training resources for the company's now dispersed workforce.

The Springfield Public Schools district in Massachusetts has become the victim of a ransomware attack that has caused the closure of schools while they investigate the cyberattack. Springfield is the third largest school district in Massachusetts with over 25,000 students, 4,500 employees, and more than sixty schools.

Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.

Cloud security company Accurics says it has raised $20 million across seed and Series A funding rounds in the past six months. Accurics plans on using the investment to support its market momentum and continue improving its technology.

The US Air Force is deploying Kubernetes containerisation tech aboard some of its spyplanes - as UK-based Britten-Norman teams up to make one of its flagship aircraft semi-autonomous. The USAF has tested Kubernetes aboard a U-2 Dragon Lady spyplane.

The three new features provide adaptive threat profiling for Juniper's ATP Cloud, the integration of WootCloud HyperContext for device profiling, and Secure Connect VPN for remote working beyond the branch office. Adaptive Threat Profiling makes use of Juniper's SRX series firewalls to act as sensors throughout the network.

Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research. Analysis of hundreds of millions of web pages led to tracking new phishing and fraudulent websites using the Amazon brand and logos-the fake sites are trying to replicate the actual Amazon site in the hopes of hacking into the unsuspecting "Customer's" personal information.

The United States this week announced that it seized a total of 92 domain names that an Iran-linked adversary was leveraging in a global disinformation campaign. The manner in which these domains were being used was in violation of sanctions the U.S. imposed on both the government of Iran and the IRGC. As of April 2019, the United States has designated the IRGC as a foreign terrorist organization.