
Cloud misconfigurations cost companies nearly $5 trillion
2020-02-20 13:33

Researchers from the cloud security company DivvyCloud found that breaches caused by cloud misconfigurations cost companies worldwide an estimated $5 trillion in 2018 and 2019. In the "2020 Cloud Misconfigurations Report," DivvyCloud researchers studied all of the data breaches publicly reported between Jan. 1, 2018, and Dec. 31, 2019 across the globe, finding that 196 separate data breaches were identified as having been definitively caused primarily by cloud misconfigurations.

Critical Adobe Flaws Fixed in Out-of-Band Update
2020-02-20 13:26

Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices. The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film making and video game production, and Adobe Media Encoder, an application to help with media processing requirements for audio and video.

Coming to a Conference Room Near You: Deepfakes
2020-02-20 13:05

With machine learning, it is also possible to generate fake audio for the video or accurately stitch together comment snips to create a totally fake narrative. Consider if a CEO of a company appears on a corporate video making forward-looking performance statements that could likely affect the stock price or a Deepfake inside a conference call video that makes it appear as if an executive is making requests to share information that may expose the business to risk.

ZeroFOX Raises $74 Million to Expand Social Media Threat Protection Business
2020-02-20 13:02

Baltimore, MD-based ZeroFOX has raised $74 million in a new funding round led by Intel Capital and including existing vendors NEA, Highland Capital Partners, Redline Capital Management, Hercules Capital and Core Capital. ZeroFOX delivers an AI-powered platform that protects users and brands from social media-sourced threats.

Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes
2020-02-20 12:36

Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards in order to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the Year 2020" contest.

CrowdStrike Co-Founder and CTO Steps Down to Launch Nonprofit Policy Accelerator
2020-02-20 12:17

Endpoint security firm CrowdStrike announced on Wednesday that Michael Sentonas has been appointed chief technology officer after Dmitri Alperovitch decided to leave the company to launch a non-profit policy accelerator. Alperovitch, one of the founders of CrowdStrike, has been acting as CTO since the company's launch in 2011.

MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
2020-02-20 11:48

A hacking forum this week published details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. MGM almost immediately confirmed the breach to ZDNet, linking it to a security incident that happened last summer, according to the report.

Ring Rolls Out Mandatory 2FA, New Privacy Controls
2020-02-20 11:45

Amazon-owned home security and smart home company Ring this week announced new security and privacy features for all of its users. With mandatory 2FA in place, when a user logs into their Ring account, a one-time six-digit code to verify the login attempt will be sent, either via email or as a text message; this applies to all Shared Users on the account as well.

Firefox 73.0.1 fixes crashes, blank web pages and DRM niggles
2020-02-20 11:20

Firefox version 73 has only been out for a week but already Mozilla has had to update it to version 73.0.1 to fix a range of browser problems and crashes, including when running on Linux machines. In an issue known about for some weeks, users running third-party security programs with anti-exploit protection, including the 0patch 'guerrilla' patching agent, were being affected by crashes.

Attacking the Organism: Financial Services
2020-02-20 11:18

As advanced as security is in the financial industry, clearly there's still some catching up to do. Another big problem is simply the range of motivations for attacking large financial services companies.