Security News > 2020 > December
Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.
Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.
A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. Earlier this month, BornCity reported that the 'Microsoft Root Authority' certificate in Microsoft's Trusted Root Certification Authorities was expiring at the end of the month, on 12/31/20.
"As human beings, we like to believe that our behavior is primarily guided by our conscious thoughts and feelings," writes researcher in social cognition and neuroscience Maddalena Marini, Ph.D., in her Psychology Today article, The Automatic Mind: How the contents of the unconscious mind guide behavior. Marini adds, "The interference between automatic and desired behavior can involve different mental abilities, including vision, attention, learning and memory, reasoning and problem-solving, judgment and decision making, and even social stereotyping and attitudes."
Texas-based IT management and monitoring solutions provider SolarWinds told the U.S. Securities and Exchange Commission that its executives were not aware that the company had been breached when they decided to sell stock. Just days before the hack came to light, the firm's two biggest investors, Silver Lake and Thoma Bravo, sold more than $280 million in stock to a Canadian public pension fund.
US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. The senator also added that the SolarWinds hackers also breached the systems in the Departmental Offices division of the US Treasury, a department that is the "Home to the department's highest-ranking officials."
Hackers broke into systems used by top US Treasury officials during a massive cyberattack on government agencies and may have stolen essential encryption keys, a senior lawmaker said Monday. Senator Ron Wyden, who sits on both the Senate Intelligence and Finance Committees, said after a closed-door briefing that the hack at the US Treasury Department "Appears to be significant."
The blockchain domains of Joker's Stash, a popular underground marketplace for stolen payment card data, have been seized by law enforcement. What the two law enforcement agencies apparently managed to do was to seize proxy servers that were used in connection with the Joker's Stash blockchain domains.
US federal agencies have warned about scammers exploiting the public's interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes. Potential indicators of such fraudulent activity highlight by the FBI include offers for early access to vaccines conditioned by payment in advance, requests to pay out to receive a vaccine or to get added to a waiting list, and offers to ship doses of the vaccine in exchange of money transfers.
Initially detailed in February 2020, VBA purging involves the use of VBA source code only within Office documents, instead of the typically compiled code, and ensures better detection evasion. Malicious Office documents have VBA code stored within streams of Compound File Binary Format files, with Microsoft's specifications on VBA macros storing VBA data in a hierarchy containing different types of streams.