Security News > 2020 > December

Here's our latest Naked Security Live talk, about how to avoid email scams that arrive under the guise of a well-known brand - in this case, global sandwich seller Subway. Watch directly on YouTube if the video won't play here.

Vulnerabilities discovered in Medtronic's MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device. Designed to obtain information from a patient's implanted cardiac device, the MCL Smart Patient Reader then sends the data to the Medtronic CareLink network, to facilitate care management, through the patient's mobile device.

A few months ago, the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency, issued an alert stating, "We are in a state of heightened tensions and additional risk and exposure." The broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors included lengthy, detailed sets of recommendations for how to protect OT environments that, together, encourage a holistic approach that aims for risk reduction across the entire enterprise. Until recently, OT and IT networks were managed differently because of their different characteristics.

Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding. Now, let's examine the connection between cognitive science and cybersecurity.

Microsoft and several major cybersecurity companies have responded to a researcher's disclosure of a method for remotely disabling their antivirus products by leveraging the Windows safe mode. Researcher Roberto Franceschetti last week published an advisory, a blog post, a video and proof-of-concept exploits demonstrating a method that could be used by an attacker to disable anti-malware products from Microsoft, Avast, Bitdefender, F-Secure and Kaspersky.

Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, said that hospitals are facing widespread security threats from ransomware to data IP theft. In 2016, I led the authoring of a document called the Hippocratic Oath for Connected Medical Devices, which essentially was a translation of the ages-old Hippocratic Oath into a modern era, now that increasingly healthcare delivery is being undertaken by medical devices by electronic healthcare records and other systems that support the physicians.

Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS. The new trojan, dubbed PyMICROPSIA by Unit 42, was discovered while investigating AridViper activity, a group of Arabic speaking cyberspies focusing their attacks on Middle Eastern targets since at least 2011. While PyMICROPSIA is a Python-based malware that specifically targets Windows systems using a Windows binary generated using PyInstaller, Unit 42 has also found code snippets showing that its creators are potentially working on adding multi-platform support.

Cybersecurity assessment solutions provider Outpost24 on Monday announced that it has raised SEK 200 million. Founded in 2001 and owned Nordic software investor Monterro, Karlskrona, Sweden-based Outpost24 helps businesses identify and address vulnerabilities in their networks.

Microsoft has started rolling out new Universal versions of Microsoft 365 apps with native support for both Apple Silicon and Intel-based Macs starting today. "The new Office apps are Universal, so they will continue to run great on Macs with Intel processors," Bill Doll, Senior Product Marketing Manager for Microsoft 365 said.

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.