Security News > 2020 > November
Linux went from 1.14% to 1.65% and Ubuntu now holds a market share of 0.51%. The market share of Windows 7 has also dropped, but many users are still actively using outdated Windows 7, which could be due to its huge number of enterprise users. According to NetMarketShare, Windows 7 saw a drop from 22.77% to 20.41% last month.
2AI released a preview of the report last year at SecurityWeek's ICS Cyber Security Conference in Atlanta. The organization revealed at the time that some respondents claimed to have experienced ICS security incidents that resulted in injury and even loss of life.
Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices. Adobe categorized the security updates as priority 2 updates which means that they address vulnerabilities with no public exploits in products that have "Historically been at elevated risk."
Issuing the org's annual report today, NCSC chief exec Lindy Cameron, who formally replaced founding chief Ciaran Martin in the summer, said: "This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus." "We've added a significant amount of support to healthcare," added NCSC ops director Paul Chichester, referring to a number of incidents, some higher profile than others, during the year.
Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020. The organizations impacted by the ransomware attack on Blackbaud include a long list of entities such as charities, non-profits, foundations, and universities from the U.S., Canada, the U.K., and the Netherlands.
A former BAE Systems engineer accused of failing to hand over his device passwords to Merseyside Police vowed not to give them up until a watchdog investigated his allegations that police workers had perverted the course of justice, the Old Bailey heard. Finch is accused, as previously reported, of failing to hand over his passwords to police on demand - a crime in the UK - and of revealing secrets about a UK missile system to various foreign countries and other individuals, contrary to the Official Secrets Act.
A newly identified attack method can bypass Network Address Translation and firewalls, allowing the attacker to remotely access TCP/UDP services on the victim's internal network, security researcher Samy Kamkar explains. According to the researcher, the attack chains "Internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse."
Named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed, Meltdown, Spectre, and Foreshadow, and Fallout and ZombieLoad. Not all do so. "Sensational names are often the tool of the discoverers to create more visibility for their work," explained Leigh Metcalf, senior network security research analyst at the CMU's CERT/CC, on Friday.
There's a growing use of ransomware, encrypted threats and attacks among cybercriminals leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter, SonicWall reveals. In a year-over-year comparison through the third quarter, researchers recorded 4.4 billion malware attacks - a 39% drop worldwide.
BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals. "As the industry's only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers," said Evan Reiser, CEO of Abnormal Security.