Security News > 2020

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked.

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked.

The updates were pulled, and we are waiting to see if Microsoft re-releases a more comprehensive fix this patch Tuesday. The advisory specifically stated, "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers." These features will be included in the March Patch Tuesday updates, so take advantage and enable them.

For enterprises whose IT landscape is already well-defined and set, digital transformation offers a massive opportunity to rethink and reimagine the IT setup for more robust digital security. As we build new applications, prepare them to move to the cloud, take advantage of new design elements like microservices or APIs, the leeway to strengthen design security is immense.

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.

Hackers are using hidden mobile apps, third-party login and counterfeit gaming videos to target consumers, according to McAfee. Hidden apps are the most active mobile threat facing consumers, generating nearly 50% of all malicious activities in 2019- a 30% increase from 2018.

More than 50 percent of security and IT leaders agree that they are very concerned about the security of corporate endpoints given the prevalence of sophisticated attack vectors like ransomware, disruptionware, phishing and more, according to a survey from RSA Conference 2020 by Absolute. According to recent industry reports, 2019 saw a record number of more than 5,000 breaches as well "An unprecedented and unrelenting barrage of ransomware attacks" in the U.S. that impacted at least 966 businesses, government agencies, educational establishments and healthcare providers at a potential cost of more than $7.5 billion.

US lawmakers proposed legislation Thursday that could see internet companies held legally responsible for content on their platforms if they don't do enough to police child pornography. Senators from both parties, backed by the Department of Justice, said that existing laws immunizing internet hosts like social media companies from liability for user-posted content have allowed child pornography to proliferate.

More than half of all healthcare vendors have experienced a data breach that exposed protected health information, and it's a costly problem that points to broken third-party risk assessment processes, according to data released by the Ponemon Institute and Censinet. The report shows that 54 percent of healthcare vendors have experienced at least one data breach of protected health information belonging to patients of the healthcare providers they serve.