Security News > 2020 > December

Ireland's Data Protection Commission has fined Twitter €450,000 after ruling a bug in the firm's Android app that allowed users' private messages to be publicly viewed infringed the EU's General Data Protection Regulation. "The DPC's investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure" the DPC said.

Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks. Linux powers big business-of that there is no debate.

Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.

Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. In a Dec. 14 filing with the U.S. Securities and Exchange Commission, SolarWinds said roughly 33,000 of its more than 300,000 customers were Orion customers, and that fewer than 18,000 customers may have had an installation of the Orion product that contained the malicious code.

More than 45 million medical images-and the personally identifiable information and personal healthcare information associated with them-have been left exposed online due to unsecured technology that's typically used to store, send and receive medical data, new research has found. NAS is an inexpensive storage solution used mainly by small companies or individuals to store data rather than paying for more expensive dedicated servers or virtual cloud servers, while DICOM is a global standard used by healthcare professionals to transmit medical images.

Gmail is suffering its second outage in 24 hours, with users able to access their email but unable to send to other Gmail users or are experiencing unexpected behavior. According to DownDetector, a service that allows visitors to report service outages, the Gmail outage is predominantly affecting users in the USA. At its peak, DownDetector reported over 17,000 users affected by the outage.

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. "Threat actors who transition to this version of Agent Tesla gain the capability to target a wider range of stored credentials, including those for web browser, email, VPN and other services," said Aaron Riley, cyber threat intelligence analyst with Cofense in a Tuesday analysis.

Microsoft has announced today that Microsoft Defender will begin quarantining compromised SolarWind Orion binaries starting tomorrow morning. The threat actors used these malicious binaries to install a backdoor known as Solorigate or SUNBURST. While Microsoft is already detecting the backdoor, they have not quarantined the SolarWinds binaries as it could affect essential network management operations used by customers.

According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. "URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected," said Yevgeny Dibrov, CEO and co-founder of Armis, when the bugs were discovered.

Deloitte picked resilience as the theme for its 12th annual tech trends report; a word that became a mantra in nearly every organization after their 2020 plans were upended by the coronavirus pandemic. In a webinar Monday, the firm identified nine trends separated into three groups that focus on how organizations can use technology to digitize, modernize, and enhance their businesses.