Security News > 2020 > December

First reported in late August by researchers at Oversecured and since analyzed by cyber threat intelligence provider Check Point, a recent flaw affecting several Android apps points to this patch-applying dilemma. After the developers of these apps were alerted to the flaw, the Viber and Booking apps have since been patched, according to Check Point.

An unknown threat actor that is likely sponsored by a nation state is believed to be behind a recent phishing campaign targeting the COVID-19 vaccine cold chain, IBM Security reported on Thursday. The targets appear to be associated with the Cold Chain Equipment Optimization Platform of Gavi, the Vaccine Alliance, whose main goal is to improve access to vaccines in poor countries.

We all know departing employees are a concentrated risk. Security risks: Employees who repeatedly break security protocols, such as clicking on phishing links, or fail security awareness training.

The American Civil Liberties Union has sued the US government, claiming Homeland Security agents trampled over people's constitutional rights - by buying phone location data from commercial brokers rather than getting necessary search warrants. "These practices raise serious concerns that federal immigration authorities are evading Fourth Amendment protections for cell phone location information by paying for access instead of obtaining a warrant," the ACLU said in a statement this week.

A computer hacker who stole information from Nintendo and was also caught with child pornography on his computer was sentenced Tuesday to three years in prison. Hernandez was caught stealing confidential Nintendo files in 2016 when he was a minor.

US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. BleepingComputer has learned that Kmart suffered a cyberattack by the Egregor ransomware operation this week that encrypted devices and servers on the network.

The industry has been dealing with a skills gap for years now, but the silver lining in all of this is that for individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity. The global shortage of cybersecurity professionals exceeds 3.12 million - according to a study conducted by (ISC)² - which means the global cybersecurity workforce must now grow at a staggering rate each year just to meet the growing demand for skilled talent.

Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting United States organizations, FINRA warns. A government-authorized not-for-profit organization, FINRA regulates over 624,000 brokerage firms in the United States.

The Federal Bureau of Investigation has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate business email compromise schemes. Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.