Security News > 2020

US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in it, including details for its customers and other employees.

VAPs therefore must be prioritised for training, with additional attention given to checking their accounts for potential compromise, but they are not the only ones you should train. The problem training must address is employees do not consider themselves responsible for detecting and avoiding phishing.

Cybercriminals were able to register malicious generic top-level domains and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin letters, according to Matt Hamilton, principal security researcher at Soluble. To demonstrate the danger of these policies, he registered 25+ domains that resemble a variety of popular domains by using a mix of Latin and Unicode Latin IPA homoglyph characters.

"As more enterprises embrace cloud transformation, IT and data teams face increased pressure to harness the power of data and analytics for business intelligence," said Christopher Lynch, executive chairman and CEO at AtScale. "Hybrid cloud and multi-cloud strategies are key to big data analytics. New data regulations and cybersecurity vulnerabilities are creating roadblocks for IT teams looking to use data for business intelligence, which is why data virtualization and data governance are top priorities in 2020.".

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

Total mobile data traffic will reach 131 exabytes per month, with 35 percent carried by 5G networks. While mobile phones will consume the bulk of the data, the sheer number and wide variety of devices that will be connected via 5G technology is likely to pose security threats not faced by previous generations of mobile networks, explains Professor Robert Deng at the SMU School of Information Systems.

As of January 2020, nearly 1 million domains have published DMARC records - an increase of 70% compared to last year, and more than 180% growth in the last two years. Just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.