Security News > 2020 > October

TechRepublic's Karen Roby spoke with Eva Velasquez, CEO of the Identity Theft Resource Center, about the importance of cybersecurity. Karen Roby: What are some of the things people can do? How do they best protect themselves?

Freezing your child's credit is one way to stop cybercriminals from destroying their credit. But you have to be careful to keep the key to thaw it later.

A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency to issue a warning that state and local governments need to fortify their systems against the trojan. "This increase has rendered Emotet one of the most prevalent ongoing threats," the CISA alert, issued Tuesday, read. The alarm comes at a time when municipalities are already strained, juggling the concurrent crises of the COVID-19 pandemic, widespread social unrest and a caustic election season.

A survey of business leaders by PwC finds the pandemic is causing rapid changes in the roles CISOs play, and offers five tips for ensuring that security remains stable as we enter a new normal. Ninety-six percent of respondents said they're adjusting their cybersecurity plans due to COVID-19, and the biggest evolution in security strategies seems to be baking security and privacy into every business decision.

Google has released patches addressing high-severity flaws in its System component. Two elevation of privilege issues, the most serious of the flaws, exist in the Android System component, the core of the operating system that's on Android phones.

Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports. "BlackBerry assesses that the InPage zero-day exploit first identified by Kaspersky in 2016 and given CVE-2017-12824 but never attributed, was in fact used by BAHAMUT. We also assess that it was first developed by a Chinese threat group in 2009 for use in targeting a group in diaspora perceived to be a potential threat to the power of the Chinese Communist Party," BlackBerry notes in a new report.

Three cybersecurity experts explained how artificial intelligence and machine learning can be used to evade cybersecurity defenses and make breaches faster and more efficient during a NCSA and Nasdaq cybersecurity summit. Tim Bandos, chief information security officer at Digital Guardian, said that cybersecurity will always need human minds to build strong defenses and stop attacks.

A cyberespionage group known as BAHAMUT has been linked to a "Staggering" number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. "The group took over the domain of what was originally an information security news website and began pushing out content focused on geopolitics, research, industry news about other hack-for-hire groups," according to the report - along with news about exploit brokers like the NSO Group.

Microsoft will soon offer different installation experiences when setting up Windows 10 based on how you plan on using the computer. As people use Windows 10 in different ways, Microsoft is testing a new setup screen that asks you to indicate how you plan to use the computer to customize the options and tools offered during setup.

Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365. These protections are designed to defend Office 365 users from an application-based phishing attack variant known as consent phishing.