Security News > 2020

The US and UK governments have both accused Russia of launching a cyber attack against the Georgian government last year. The attacks, mounted on 28 October 2019, came from Russia's notorious GRU military intelligence unit, according to announcements from the US State Department and the UK's National Cyber Security Centre.

The United States' Defence Information Systems Agency has started notifying people that their personal information may have been compromised as a result of a data breach that occured in 2019. DISA is a Department of Defense combat support agency that employs over 8,000 military and civilian personnel.

On August 7, 2019, a single credential stuffing attack against a financial services company recorded 55,141,782 malicious login attempts. The majority of API attacks against finserv was negligible for much of the two years covered by the analysis, but suddenly spiked to more than 80% of all malicious login attempts in May 2019, and to more than 75% in October 2019.

The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as "The right person answered the phone."

Policy makers can't create policy around a piece of technology without understanding how it is used - how all of it's used. Technology and policy both use concepts of trust, but differently.

An active supply chain campaign that has been ongoing since late 2017 has infected at least 20,000 websites via malicious WordPress themes and plugins, Prevailion reports. Dubbed PHPs Labyrinth, the campaign used 30 different WordPress marketplace platforms to distribute trojanized versions of premium themes.

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The comments under the Google Play download pages for these specific eight apps described the apps acting suspiciously, serving as red flags for potential downloaders.

Cisco has released a new batch of security fixes for a number of its products, including its Smart Software Manager On-Prem solution and its Email Security and Content Security Management Appliances. The critical flaw is in the High Availability service of the Cisco Smart Software Manager On-Prem.

After fixing a fat pile of critical security flaws as part of last week's Patch Tuesday update, Adobe has come back with two more that need urgent attention. The second is also an out-of-bounds write weakness, this time in Adobe Media Encoder, affecting Windows and macOS versions 14.02.

On Wednesday, the state senate passed a bill - Senate Bill 6280 - that would prohibit state and local government agencies from using facial recognition in most instances, including. The latest version of the bill specifies that at least 90 days before government agencies adopt a new facial recognition technology, they must inform the public about the technology in question - in detail.