Security News > 2020 > November

The partnership provides Ontic Fortune 500 clients with the ability to surface actionable insights from dark net data through the Ontic software platform for a more comprehensive view of potential physical threats to their business. "Through our partnership with DarkOwl, Ontic becomes the only protective intelligence platform to unite the largest dataset of dark web data that exists today with that from social media, news sites, public and criminal records, and company-proprietary records."

DataVisor announced that it has welcomed two new technology veterans to its executive leadership team: Steve Knopf, Vice President of Product and Jamshed Patel, Vice President of Solution Engineering at DataVisor. With decades of combined experience in executive leadership positions, the two seasoned leaders will support DataVisor in shaping its product roadmap, developing strategic partnerships and accelerating technology innovation in 2021 and beyond.

Multi-factor authentication, for those who haven't been paying attention, involves adding one or more additional access requirements to password-based authentication. At the same time, he argues people should avoid relying on SMS messages or voice calls to handle one-time passcodes because phone-based protocols are fundamentally insecure.

Silver Peak's Unity Orchestrator, a software-defined WAN management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. The issues are present In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+. Orchestrator instances that are hosted by customers - on-premise or in a public cloud provider - are affected, Silver Peak said.

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by "Anonymous" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team.

Typing in your login data on the fake site exposes your credentials to the crooks because your password is sent to them instead of to your real mobile phone provider. As you can see from the list above, it's theoretically possible that getting your mobile phone account password hacked might give the crooks a way in to your bank account too, especially if you used the same password on your banking site as elsewhere.

The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. Animal Jam is a virtual world created by WildWorks, where kids can play online games with other members.

Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it stole in a Nov. 3 attack - unless a $15 million ransom is paid in Bitcoin. The ads, first spotted by researcher Brian Krebs on Nov. 9, were to-the-point and entitled, "Security Breach of Campari Group Network." Ragnar Locker bought the ads using a hacked Facebook account, which Krebs said were subsequently shown to more than 7,000 users before Facebook caught on and pulled them down.

TikTok asked a Washington court Tuesday to stop an order from US President Donald Trump's administration from taking effect this week as the White House seeks to ban the Chinese-owned app in the United States. In its court petition, TikTok asked for more time, saying it has not received enough feedback on its proposed solution.