Security News > 2020 > November

The contents of messages from encrypted chat service EncroChat may be admissible as evidence in English criminal trials, the High Court in London, England has ruled. The ruling, issued late last month, has profound implications for a number of criminal trials brought over evidence obtained from EncroChat messages.

STEM education that includes cybersecurity can help the US prepare for the future.

Ticketmaster's UK division has been slapped with a $1.65 million fine by the Information Commissioner's Office in the UK, over its 2018 data breach that impacted 9.4 million customers. The breach affected international customers who purchased, or attempted to purchase, event tickets between September 2017 and late June 2018; while UK users were impacted between February and June 2018.

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them. In a blog post published on Thursday, security company GreatHorn warns of four different scams likely to pop up this season and offers advice on how to combat them.

The North Face has reset its customers' passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter's website. There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its "VIPeak Rewards Program." After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from Oct. 8 to Oct. 9.

Security firm Barracuda Networks announced on Thursday that it has acquired Fyde, a provider of Zero Trust Network Access solutions. As Barracuda explains, Fyde's Zero Trust solution "Enables secure, reliable, and fast access to cloud or on-premises applications and workloads from any device and location."

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops. There's a new DNS cache poisoning threat in town and it goes by the name of Side-channel AttackeD DNS. This new attack works like so: SAD DNS makes it possible for hackers to reroute traffic destined to a specific domain to a server under their control.

Key to the criminals' success was Ticketmaster's decision to deploy a Javascript-powered chatbot on its website payment pages, giving criminals an easy way in by compromising the third party's JS - something the ICO held against Ticketmaster in its decision to award the fine. Ticketmaster 'fessed up to world+dog in June that year, and the final damage has now been revealed by the Information Commissioner's Office: 9.4m people's data was "Potentially affected" of which 1.5m were in the UK; 66,000 credit cards were compromised and had to be replaced; and Ticketmaster itself doesn't know how many people were affected between 25 May and 23 June 2018.

Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. Microsoft said most of the targets - located in Canada, France, India, South Korea and the United States - were "Directly involved in researching vaccines and treatments for COVID-19." It did not name the targets but said most had vaccine candidates in various stages of clinical trials.

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information.