Security News > 2020

Securonix, a leader in Next-Gen SIEM, announced that multiple Securonix Security Operations & Analytics Platform products have been approved for Network Security Management of the Department of Homeland Security's Continuous Diagnostics and Mitigation program's Approved Products List. Securonix Next-Gen SIEM and Security Data Lake products were approved for Network Security Management, which aims to provide tools for incident response and monitoring, ongoing assessment monitoring, and auditing data collection.

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge. It's possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously.

Two Chinese nationals have been charged by the US Department of Justice and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges that were perpetrated by Lazarus Group, a cybercrime group with ties with the North Korean government.

Trump's appearance at HIMSS is "Unprecedented" - in that it's the first time a sitting president addressed the health IT conference, the organization notes. "Since our inception, HIMSS has been a nonpartisan organization whose mission is improving global health through information and technology, while providing insights and resources to our membership," HIMSS said in a statement Monday.

If a recipient opens the document via Microsoft Office Outlook, a prompt appears that asks users to "Enable content" to open the document - clicking "Yes" executes macros. This contains another PowerShell script that is responsible for installing the NetSupport Manager RAT onto the victim's machine.

Nvidia's graphics processing unit display driver is used in devices targeted for enthusiast gamers; it's the software component that enables the device's operating system and programs to use its high-level graphics hardware. The most severe flaw exists in the control panel component of the graphics driver, which is a utility program helping users monitor and adjust the settings of their graphics adapter.

We are seeing phishing being threat number one, which leads to the human element here at this conference. Microsoft being the biggest target of phishing here in order to target companies and MSPs. There is an industrialization of what they are doing.

Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.

At the time of the breach, Ticketfly, which was owned and operated by Eventbrite, sold tickets to concerts and events at nightclubs throughout the U.S. Eventbrite reported that the Ticketfly accounts of about 27 million were compromised; they included personal information, such as names, email addresses, physical addresses and phone numbers, according to ZDNet. According to the federal indictment, Ishak allegedly damaged the company's website and then attempted to extort the company for money in May of 2018.