Security News > 2020 > December

As companies face a rising tide of cyber attacks, a new approach to email defence developed by cybersecurity company Darktrace uses our own ability to fight off external threats and replicates this 'immune system' approach in the digital world. Traditional email security vendors try to adapt with newer technologies like sandboxes, which run suspicious attachments in a controlled environment to see what they do.

An offshore Cayman Islands bank's backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. Once evidence was given to the bank of the exposed data, the information was passed onto a bank staffer with a college computer science background, the report added.

Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week. The Huntsville City Schools district is the sixth-largest school district in Alabama, with almost 24,000 students, 2,300 employees, and thirty-seven schools.

Threat intelligence provider EclecticIQ on Tuesday announced that it has closed a €20 million Series C financing round, which brings the total raised by the company to €47 million. With the new financing, the company hopes to drive further innovation of its threat intelligence platform with the addition of new use cases, helping customers increase situational awareness and adopt an intelligence-led cybersecurity approach.

The Better Business Bureau warned last week that the attack uses Zoom's logo, and in a message tells recipients that their Zoom accounts were suspended and to click a link to reactivate; or that they missed a Zoom meeting, and to click a link to see the details and reschedule. Another recent variant of the attack has been a message welcoming some recipients to the platform and requesting they click on a link to activate the account, said the BBB. In all cases, victims are taken to a phishing landing page, where they are asked to input their Zoom credentials.

Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records. Authenticated healthcare users of the application can upload medical test documents for patients, which are then stored in the '/tests/' directory.

Vulnerabilities discovered by researchers in Rockwell Automation's FactoryTalk Linx product can allow attackers to compromise engineering workstations in industrial environments. FactoryTalk Linx, formerly known as RSLinx Enterprise, is a widely used product designed for connecting Allen Bradley programmable logic controllers to Rockwell applications, including for programming, data acquisition and HMI interaction.

You're invited to join SecurityWeek, Orca Security, Sisense and AWS, today at 1PM ET for a live webinar on how enterprises can secure AWS estates with dozens of accounts and multiple asset types. Advanced techniques for managing multi-account AWS environments using AWS Organizations' advanced management and governance capabilities, including SCP, CloudTrail, and more.

Cybercriminals have been observed targeting a recently disclosed vulnerability in the GO SMS Pro messaging application to steal user data. Whenever a user attempts to send a media file, Trustwave's SpiderLabs security researchers discovered, the application would generate a URL that can be easily guessed and which does not require authentication to access the shared media.

It all sounds innocent enough until you read about the requirement for "Quality parameters" to be collected from "Meeting quality monitoring devices", which might give some pause for thought. Productivity Score relies on metrics captured within Microsoft 365 to assess how productive a company and its workers are.