Security News > 2020 > December
The European Union unveiled Wednesday plans to revamp the 27-nation bloc's dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the European Medicines Agency. The EU last year recorded around 450 cyber incidents involving European infrastructure, notably in the financial and energy sectors, and the pandemic has highlighted Europe's deep dependence on the internet and exposed security weaknesses.
The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installs, making this urgent upgrade a necessity for WordPress site owners.
Taking an identity-centric approach to modern security architecture helps organizations protect the weapons that are being used against us: the identity itself. But are federal agencies ready to shift to an identity-centric security model? In 2019, the United States White House's Office of Management and Budget released M-19-17, the ICAM Modernization Strategy. The memo outlines the objectives for securing federal IT systems, including a common vision for using identity and access management controls.
Facebook is again pushing back on new Apple privacy rules for its mobile devices, this time saying in full-page newspaper ads that the social media giant is standing up for small businesses. In ads that ran in The New York Times, The Wall Street Journal and other national newspapers Wednesday, Facebook said Apple's new rules "limit businesses' ability to run personalized ads and reach their customers effectively."
The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence. The National Security Council has established a Cyber Unified Coordination Group following the SolarWinds breach to help the intelligence agencies better coordinate the US government's response efforts surrounding this ongoing espionage campaign.
The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.
Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier. As of next August, that requirement will be extended to all Git-related command line interactions, desktop apps that use Git, and software or services that access Git repos on GitHub via password.
Gevers shared screenshots of the user-side of the account with the Dutch press to prove he had gained access and may have used the account access to tweet a link to a satirical website as the President. Skeptical it would have been that easy to get into such an influential and safeguarded Twitter account with 88 million followers, everyone refused to accept it had happened.
Malwarebytes is running a holiday deal where you can get 40% off Malwarebytes Premium and the Malwarebytes for Teams business product for a limited time. The latest version of Malwarebytes is 4.2, and it was released at the end of October with enhanced protection, including faster scan speeds and better protection against malware, ransomware, and exploits.
Our 2020 Outbound Email Security Report revealed that stressed and tired employees are behind 37% of the most serious data leaks - caused by all-too-common culprits, including adding an incorrect recipient to an email, attaching the wrong document, replying to a spear phishing email and forgetting to use Bcc. Why do stressed employees make mistakes? An employee needs to share a client file over email.