Security News > 2020

To thwart increasingly dangerous cyber criminals, law enforcement agents are working to "Burn down their infrastructure" and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said Wednesday. Unsophisticated cyber criminals now have the power to paralyze entire hospitals, businesses and police departments, Wray said during a conference on cybersecurity at Boston College.

Murat Sönmez: Data is basically information that a thing-a car-generates, or a device, or data about you. If you can collect data from sensors on the environment we live in, if you can collect data about your lifestyle-you need to exercise, what you eat-and collect data on genetics, we can pool that.

Let's Encrypt planned to revoke more than 3 million TLS certificates on Wednesday after it discovered a bug that allowed an important security check performed during TLS issuance to be bypassed. On March 4, we will revoke 2.6% of currently active Let's Encrypt certificates.

Free and open certificate authority Let's Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug. A total of 3,048,289 certificates were supposed to be revoked, but Let's Encrypt ultimately decided to leave 1 million of them unreplaced at this time.

Business tools development company Zoho says it's working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. "Since Zoho typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone," Seeley wrote on Twitter.

In South America many of the governments that were using Crypto machines were engaged in assassination campaigns. I mean, they're using Crypto machines, which suggests that the United States intelligence had a lot of insight into what was happening.

The patched flaw was made public in early February on the HackerOne bug bounty platform and was forwarded to The Register by concerned reader Matt, who told us: "Note that this is regardless of whether the users had set strong passwords and otherwise wouldn't be vulnerable to credential-stuffing attacks." Professor Alan Woodward of the University of Surrey told The Register that while the vuln was bad, it would require an extra step to enumerate user IDs before the attack would work at scale.

UK ISP and telecom provider Virgin Media has confirmed on Thursday that one of its unsecured marketing databases had been accessed by on at least one occasion without permission. Comparitech revealed that, in January, its security research team discovered a similarly unsecured and exposed database with 200 million records containing a wide range of property-related data on US residents.

Deception technology has moved from being an emerging technology to a more mainstream security control, say Tony Cole, CTO, and Carolyn Crandall, chief deception officer and chief marketing officer, at Attivo Networks. Standards & frameworks in the market around deception;.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.