Security News > 2020

The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. This creates and executes the OSTAP JavaScript downloader, which acts as a dropper for the TrickBot payload, without user interaction after they click the "Enable macros" button.

Morphisec combines the anti-virus protection in the new Microsoft OS with its own defenses against malware.

Hal Lonas of OpenText Shares Cybersecurity PredictionsWebroot just released its 2020 Threat Report. How has the landscape changed, and what cybersecurity predictions are made for 2020? Hal Lonas...

There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed. How Chronicle's new approach can transform an analyst's job.

Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers' full names and information on prescriptions for medications they are taking. While Walgreens did not detail the technical glitch, it said that the internal application error enabled certain personal messages, stored in a database, to be viewed by other customers who were using the mobile app.

Careless and malicious insiders, overly complex IT infrastructure and having an excess of privileged users continue to pose serious risks to the integrity of corporate cybersecurity practices, says Timothy Brown of SolarWinds. The most important steps that IT and security professionals should be taking now to protect their organizations.

SpyCloud is out with its annual credential exposure report, and the bad news is: Password reuse continues to leave enterprises open to breach and account takeover. Chip Witt of SpyCloud shares some of the key takeaways and analysis.

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised. The incident, which the company refers to as a "Sophisticated cyberattack," was clearly a ransomware attack, where cybercriminals managed to compromise systems within the contractor's environment and plant data-encrypting malware on them.

The company, which aims to help consumers improve their credit ratings, told customers that an external attack had compromised the two digits of bank account numbers used to make payments and the sort codes customers can use to unlock their savings. Loqbox works by a customer nominating a savings target and Loqbox creating an interest-free loan for that amount.

The mobile app of U.S. pharmaceutical retailer Walgreens inadvertently disclosed personal messages to other customers due to an internal application error, revealing some health-related information. Walgreens filed a copy of the data breach notification it has sent to affected customers with California's Office of the Attorney General, which makes those notifications public.