Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks
2020-12-02 21:38

Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year's most popular songs, the streaming service is grappling with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke and others.

Think-Tanks Under Attack by Foreign APTs, CISA Warns
2020-12-02 21:21

"Unfortunately, despite some of the conveniences and efficiencies that remote work can provide, it has greatly expanded the attack surface for all businesses, including think-tanks," Banda said. In late October, CISA warned that the North Korean APT group known as Kimsuky is actively attacking think-tanks, commercial-sector businesses and others, often by posing as South Korean reporters.

Hacker given three years for stealing secret Nintendo Switch blueprints, collecting child sex abuse vids
2020-12-02 20:54

A young man caught hacking into Nintendo's servers to steal secret Switch blueprints has been sentenced to three years in prison after ignoring an FBI warning to stop. According to court documents [PDF], Ryan Hernandez of Palmdale, California, is now 21, though in 2016, while a minor, he requested help on a Nintendo forum.

Xerox DocuShare Bugs Allow Data Leaks
2020-12-02 20:17

The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. Xerox issued its security advisory on November 30. Xerox did not share the specifics of the bugs or possible attack scenarios.

Impressive iPhone Exploit
2020-12-02 19:55

Oh, and exploits were wormable - meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. Beer's attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like Airdrop work.

MDR Provider GoSecure Raises $35 Million
2020-12-02 18:52

Managed Detection and Response provider GoSecure this week announced that it has secured $35 million in Series E growth funding. GoSecure claims that its platform can help organizations significantly improve the manner in which they protect themselves, by enabling them to detect and mitigate incidents in less than 15 minutes.

Newly Discovered Turla Backdoor Used in Government Attacks
2020-12-02 18:40

ESET's security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks. According to ESET, the malware might be used only against very specific targets, a common feature for many Turla tools.

Google is closing 3D model site Poly to focus on AR experiences
2020-12-02 18:29

Google is shutting down its 3D model sharing site Poly in 2021 to focus its resources on building AR experiences. Google Poly allows designers to upload their 3D models to a gallery that can be used by other members in their projects.

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
2020-12-02 18:06

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

Is Chasing Malware Really Helping You Reduce Fraud?
2020-12-02 17:46

With different types of solutions approaching the fraud problem space from different angles, it's worth asking the question: What problem or problems are we actually trying to solve with this class of solutions? To my knowledge, enterprises are most often interested in reducing fraud losses. While these may seem like legitimate techniques, they don't actually reduce fraud losses.