Security News > 2020
Hundreds of pediatric healthcare providers in Massachusetts were still unable to access their electronic health records systems Thursday after a malware attack earlier this week targeted a large physician network affiliated with Boston Children's Hospital. The system outage affecting Brookline, Mass.-based Pediatric Physicians Organization at Children's started on Tuesday; the malware attack was discovered on Monday afternoon.
Ransomware brings a business to a screeching halt every 11 seconds, making it the most pervasive and destructive malware threat out there. With ransomware strains evolving fast, protecting your business means taking on so-called zero-day attacks that slip by traditional anti-virus defenses.
A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation, has issued fixes for a critical flaw. The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with the EU's privacy regulation, has more than 700,000 active installations, making it a ripe target for attackers.
While public health concerns over the spread of the coronavirus are leading to the cancellation of some international events, the RSA Conference 2020 will proceed as scheduled. The RSA Conference website has been updated five times so far this year with information about the coronavirus and preparations for the gathering.
Chinese tech giant Huawei was hit Thursday with fresh US criminal charges alleging a "decades-long" effort to steal trade secrets from American companies. A US indictment unsealed in New York alleges Huawei and its proxies conspired "to misappropriate intellectual property" from six US firms as part of a strategy to grow and become the world's largest telecom equipment maker, the Justice Department said.
Two apparently politically motivated backdoor campaigns have been observed operating in the Middle East, targeting influential Palestinians. The two campaigns are primarily differentiated by the backdoor malware used, Spark and Pierogi, and have been named the Spark Campaign and the Pierogi Campaign respectively by researchers at Cybereason's Nocturnus group.
"Because it's all embedded devices, it's up to the manufacturer to go ahead and distribute patches or firmware updates in order to secure the device. That's a problem because these are inherently security flawed devices," said Jonathan Langer, CEO of IoT security company Medigate. "The first basic thing I'd do as an enterprise is get visibility. I need to understand what IoT devices are connected to my network. IoT devices are perceived as something the IT department is in charge of, but employees can bring in connected refrigerators or security cameras and plug it into the network," Langer said, adding that those kinds of devices "introduce risk into the network."
A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks. The company's researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well.
The new report outlines the new agenda for the CEO running the digital enterprise. That's where the IDC report "The CEO Agenda for Digital Enterprise" fits.
The company's "Web Application Vulnerabilities and Threats: Statistics for 2019" report found signs that companies are beginning to prioritize security but are still failing to do everything necessary when protecting web applications and users. Nine times out of 10, hackers are able to easily attack website visitors and 82% of web application vulnerabilities lie in the source code.