Security News > 2020 > December

A North Carolina man was sentenced to 95 months in federal prison for his involvement in multiple cyber and swatting attacks. Responsible for making threats of shootings and bombings to numerous schools located in the United States and United Kingdom, Vaughn was sentenced to 95 months in prison for child pornography and 60 months for each of the other charges.

The new Microsoft Teams additions include call transfer, spam reduction, CarPlay support, streamlined calling experience, and more. Microsoft is rolling out a new enhanced calling experience with a new screen to access the dialpad, call history, voicemail, contacts, and settings.

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago. Almost 3,000 Oracle WebLogic servers are reachable over the Internet based on Shodan stats and allow unauthenticated attackers to execute remote code on targeted servers according to a Juniper Threat Labs report.

A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund's register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of an Amazon Web Services S3 storage bucket.

A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund's register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of an Amazon Web Services S3 storage bucket.

Online learning solutions provider K12 Inc., which recently announced changing its name to Stride Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware. The attackers deployed a piece of ransomware and accessed information stored on some corporate back-office systems.

After more than six months, the shine is wearing off working from home - not just for the workers, but for the security teams who need to rethink pretty much everything about how to protect them and their companies. It also means traditional data center or perimeter-based security approaches just aren't going to cut it.

Microsoft has fixed a known issue causing Windows 10 blue screens of death crashes when users plugged in a Thunderbolt NVMe Solid State Drive. To be impacted by this known issue Windows 10 device would have to feature at least one Thunderbolt NVMe SSD and one Thunderbolt port.

The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise attacks. BEC scammers used email rules added to the target' web-based email clients to hide their activity while impersonating employees or business partners.

GO SMS Pro, an Android instant messaging app with more than 100 million installs, is still exposing the privately shared messages of millions of users even though the developer has been working on a fix for the flaw behind the data leak for almost two weeks. Private files sent by users to contacts who don't have GO SMS Pro installed can be accessed from the app's servers via a shortened URL which redirects to a content delivery network server used to store all shared messages.