Security News > 2020 > December

Google has updated its Chrome web browser, fixing four bugs with a severity rating of "High" and eight overall. An updated 87.0.4280.88 version of Chrome addresses the bugs and will "Roll out over the coming days/weeks," Google wrote.

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. Once ensconced on the page, the malware behaves just like the widespread Magecart group of skimmers, with the code being parsed and run by a shopper's PC in order to harvest payment cards and any other information entered into a site's online fields, he added.

Administrators scrambled to keep the hospital operational - cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals. The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

VMware on Thursday released patches for a Workspace ONE Access security flaw that was identified and reported by the National Security Agency. Formerly VMware Identity Manager, Workspace ONE Access delivers multi-factor authentication, single sign-on, and conditional access functionality for SaaS, mobile and web applications.

It has been another rough week for the enterprise and education as ransomware continues to impact business operations and shut down schools. Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week.

New research from CyberNews.com analyzed 15.2 billion passwords based on term categories, with only 2.2 billion being considered "Unique." People, the data showed, choose passwords based, obviously, on what they think they can remember, but can be deciphered by hackers based on the creator, patterns, and personality. About 7% of passwords were either curse words or sex-related.

Over the past several months, the "Mercenary" advanced persistent threat group known as DeathStalker has been using a new PowerShell backdoor in its attacks, Kaspersky reports. Kaspersky's security researchers, who have been tracking the group since 2018, identified a previously unknown implant the group has been using in attacks since mid-July.

With the COVID-19 pandemic leading us all to depend on online services like we never have before, a DDoS attack that takes operations offline can have very serious and long-term consequences for a business. Add to this the huge surge in DDoS attacks this year, with assaults getting bigger, more powerful and disruptive, and it's clear security leaders need to urgently get to grips with how to deal with them.

The FBI has warned of an increasing number of scammers preying on unemployed Americans by trying to recruit them into their money mule schemes and use them to launder funds obtained via fraud, online scams, and other types of criminal activities. The FBI provides a list of signs that you may be a money mule without even knowing it and measures to protect yourself from money mule schemes.