Palo Alto Networks to Acquire Attack Surface Management Firm Expanse in $800 Million Deal
2020-11-12 09:54

Network security giant Palo Alto Networks announced on Wednesday that it has agreed to acquire attack surface management firm Expanse in a deal valued at roughly $800 million. As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards.

(IN)SECURE Magazine issue 67 released
2020-11-12 08:41

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Table of contents: Cooking up secure code: A foolproof recipe for open source.

Rakuten sends cashback emails to customers in error
2020-11-12 06:20

Japanese e-commerce giant Rakuten sent email notifications yesterday to many of its customers congratulating them on newly earned cashback. Periodic cashback emails from Rakuten Rewards, formerly Ebates, are frequently sent to customers of Rakuten apps, the Chrome browser extension, and credit card.

ModPipe malware decrypts Oracle point-of-sale database passwords
2020-11-12 06:12

Security researchers have discovered new malware equipped with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software suites in the hospitality industry. Named ModPipe, the malware is a modular backdoor that can steal the passwords for the PoS system databases by decrypting them from Windows registry values.

Samsung finally admitted to Google’s Enterprise Android Recommended club
2020-11-12 05:58

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Cybersecurity workforce gap decreases, job satisfaction rates increase
2020-11-12 05:00

For the first time, there's a year-over-year reduction in the cybersecurity workforce gap, due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19, (ISC)² finds. The research, conducted from mid-April through June 2020, also provides insights from cybersecurity professionals about their organizations' COVID-19 pandemic response, and the massive effort required to quickly and securely transition their staffs to remote working environments.

The security consequences of massive change in how we work
2020-11-12 05:00

Organizations underwent an unprecedented IT change this year amid a massive shift to remote work, accelerating adoption of cloud technology, Duo Security reveals. The report details how organizations, with a mandate to rapidly transition their entire workforce to remote, turned to remote access technologies such as VPN and RDP, among numerous other efforts.

Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
2020-11-12 04:59

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels
2020-11-12 04:58

The backdoor - dubbed "ModPipe" - impacts Oracle MICROS Restaurant Enterprise Series 3700 POS systems, a widely used software suite in restaurants and hospitality establishments to efficiently handle POS, inventory, and labor management. A majority of the identified targets are primarily located in the US. "What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values," ESET researchers said in an analysis.

SAP Patches Several Critical Vulnerabilities With November 2020 Security Updates
2020-11-12 04:35

SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S/4HANA, and NetWeaver products. One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.