Security News > 2020 > December

A former Cisco employee who went medieval on his former employer and cost the company millions, has been sentenced to two years in prison and a $15,000 fine. Five months later he used access credentials to get back into Cisco's systems and deleted virtual machines on Webex - borking more than 16,000 WebEx Teams accounts for two weeks in some cases and costing Cisco $2.4m in refunds and repair work.

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. In the release notes for the final Flash Player 32 and AIR 32 released this Tuesday, Adobe thanks all the developers and customers for the amazing Flash content they have created over the last two decades.

Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. As a result of this uncertainty, many Twitter users have asked Subway if the scamming campaign was down to some sort of breach: perhaps, they wondered, criminals had somehow got access to Subway's newsletter service in order to click [Send] on an unauthorised email campaign.

Figure A. As mentioned, cost remains a driver for open source adoption, but the number one driver of open source today was the number one inhibitor of open source adoption 10 years ago: Security. This, despite things like Heartbleed and other well-publicized open source security breaches.

This is a deep-diving species that “fed on small prey items such as squid.” Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t...

Researchers are detailing widespread security issues in point-of-sale terminals - specifically, three terminal device families manufactured by vendors Verifone and Ingenico. The issues, which have been disclosed to the vendors and since patched, open several popular PoS terminals used by retailers worldwide to a variety of cyberattacks.

A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft. The Adrozek family of malware changes browser settings to allow it to insert fake ads over legitimate ones, which earns the scammers affiliate advertising dollars for each user they can trick into clicking.

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution vulnerability to compromise database servers. The miner takes a fileless approach, deleting the PostgreSQL table right after code launch, researchers said: PGMiner clears the "Abroxu" table if it exists, creates a new "Abroxu" table with a text column, saves the malicious payload to it, executes the payload on the PostgreSQL server and then clears the created table.

Threat actors are targeting K-12 educational institutions in the United States to deploy ransomware, steal data, or disrupt distance learning services. In a joint alert this week, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned of continuous attacks targeting K-12 educational institutions.

Christopher Taylor, 57, who "Confessed to disguising malware as recognisable and legitimate computer programs", installed Cybergate on more than 770 people's devices, covertly recording "Images of people in various stages of undress and involved in sexual activity" as Westminster Magistrates' Court found. In spite of claims that Taylor's malware-fuelled spree concerned mainly American citizens, close analysis of his seized laptop by an American expert found that just 7 per cent of his victims were located in the US - with the rest being spread between 37 different countries, including the UK. Taylor himself was suicidal at the thought of being sent to the US, found the judge, as was his disabled wife who had threatened to end her life if her husband, also her main carer, was extradited.