Security News > 2020 > December

Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. The Microsoft 365 Defender suite is used by security teams for coordinated threat protection in enterprise environments for protecting devices, identity, data, and applications.

The American Civil Liberties Union announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices. The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency's Electronic Device Analysis Unit has been acquiring solutions that can help it break into encrypted devices on its own.

President-elect Joe Biden said Tuesday that the perpetrators of a massive cyberattack on the US government, unofficially blamed on Russia, must face consequences, and assailed President Donald Trump over his response to the threat. "We can't let this go unanswered," Biden said in pre-holiday remarks to the American people.

United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.

"We see where troll feeding leads." Unfortunately not "Feeding" makes this troll change food source.

In an advisory this week, the Department of Homeland Security warned American organizations of the risks posed by using data services and equipment from firms that have ties to the People's Republic of China. "The PRC presents a grave threat to the data security of the U.S. government and U.S. businesses. It has both the intent and ability to covertly access data directly through entities under the influence or jurisdiction of PRC laws," the DHS says.

Emsisoft has provided BleepingComputer visitors an exclusive holiday deal where you can get 20% off Emsisoft Anti-Malware until the end of the year. Emsisoft is a powerful anti-virus solution that uses a dual-scanning engine with definitions from both Emsisoft and Bitdefender.

Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product.

The US Department of Homeland Security warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China. The DHS said that Chinese companies could be forced by newly enacted PRC laws to cooperate with Chinese security and intelligence services.

QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage devices running the QES, QTS, and QuTS hero operating systems. CVE-2020-2503: Stored cross-site scripting QES vulnerability - enables remote attackers to inject malicious code in File Station.