
Hacking of Accounting Firm Affects Medical Group
2020-02-20 21:18

An apparent ransomware attack on an accounting firm in December exposed the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm. Some of the data that was breached as a result of the attack on Albany, New York-based BST & Co. CPAs LLC has shown up on the publicly accessible website of ransomware gang Maze, which purportedly names and shames victims into paying ransoms, says Brett Callow, a threat analyst with the security firm Emsisoft.

RSA Conference loses one more abbreviated tech giant after AT&T disconnects over Wuhan coronavirus fears
2020-02-20 20:52

Yet another big brand has pulled out of RSA Conference, due to take place next week, amid the ongoing novel coronavirus panic. "We have decided not to participate in RSA Conference 2020 after careful consideration and discussions. We value our participation in industry events like RSA and greatly support the measures taken by event organizers to protect attendees," an AT&T spokesperson told The Register.

Internet of Things Candle
2020-02-20 20:23

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?...

ISS World “malware attack” leaves employees offline
2020-02-20 20:18

Global facilities company ISS World, headquartered in Denmark, has shuttered most of its computer systems worldwide after suffering what it describes as a "Security incident impacting parts of the IT environment." On 17 February 2020, ISS was the target of a malware attack.

GAO: Census Bureau Comes Up Short on Cybersecurity
2020-02-20 19:48

The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin in April, according to a new report from the Government Accountability Office. The GAO report notes that over the last 10 years, the watchdog agency has issued more than 110 recommendations on a variety of topics, including cybersecurity, to the Census Bureau concerning the 2020 census, but some of them have yet to be implemented.

Cisco Patches Critical Flaw in Smart Licensing Solution
2020-02-20 19:40

Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk. The critical vulnerability impacts Cisco's Smart Software Manager On-Prem licensing solution and could allow a remote, unauthenticated attacker to access system data with high privileges.

Over 400 ICS Vulnerabilities Disclosed in 2019: Report
2020-02-20 19:18

More than 400 vulnerabilities affecting industrial control systems were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in the previous year.

We know what you did last summer: MGM's hotel spinoff lost 10.7m guest records and now they're on hacker forums
2020-02-20 18:31

Casino and hotel chain MGM Resorts lost almost 10.7 million guest records last summer, including the data of Jack Dorsey and Justin Bieber, which was duly posted to hacker forums. According to soon-to-be-launched leak tracker Under the Breach, which spotted the post this week, the records included email addresses along with names, phone numbers, addresses and dates of birth.

New Hacking Group Targets Gambling Firms: Report
2020-02-20 18:18

A newly identified hacking group has been targeting gambling companies in Asia, the Middle East and Europe, using backdoors to steal source code and other data, according to new research from security firm Trend Micro. The APT group was first discovered in the summer of 2019 by the consultancy Talent-Jump Technologies, which was conducting an incident response operation for a client located in the Philippines when it came across a never-before-seen backdoor connected to these hackers, according to the Trend Micro report.

Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
2020-02-20 17:29

A critical flaw in the High Availability service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn't directly connected to the internet. Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.