Agari's Cyber Intelligence Division, which concentrates on email threat investigations, has found that 60% of employee-reported suspect emails are false positives. Wire transfer scams also increased from 19% to 22%, while payroll diversion scams fell from around 25% to 16%. There is another shift within the fraudulent emails.
One big new category that we saw emerging in 2019 was not a true data breach per se, but what we're calling a data exposure, or you may also have heard the term data lake, and that's where some businesses just forgot to put a password on their cloud environments. If you can't keep up with all those passwords, use a password manager.
Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low. Ehrlich says the Granicus database included links to files on websites belonging to the Department of Health and Human Services and U.S. House of Representatives, as well as hundreds of other local government units across the country.
Rather than patching once a calendar month, Mozilla goes for every sixth Tuesday - or every 42 days, which we call Fortytwosday in a hat-tip to HHGttG. This update takes the regular build of Firefox to 73.0, while the long-term release, which includes security fixes but not feature updates, goes to 68.5.0esr. The good news is that none of the security holes fixed in this update seem to be what are known as zero-day vulnerabilities, which is the industry term for bugs that the crooks figure out first.
Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution, the PC vendor said this week. SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints.
The Facebook-owned messaging service WhatsApp said Wednesday it now has more than two billion users around the world as it reaffirmed its commitment to strong encryption to protect privacy. The statement said WhatsApp remained committed to its "strong encryption" that enables users to connect privately even amid calls by law enforcement in the United States and elsewhere to provide more access.
The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as 'critical' and 87 'important'. The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.
According to the FBI's 2019 Internet Crime Report, released on Tuesday by the bureau's Internet Crime Complaint Center, the total amount of money clawed out of victims through a smorgasbord of cybercrime types just keeps climbing, with 2019 bringing both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000. There were 68,013 people over the age of 60 who reported being victimized last year, and their total reported loss was $835,164,766.
Facebook removed 78 accounts, 11 pages, and 29 groups, as well as four Instagram accounts that were violating its policy against foreign or government interference. The second network that was taken down originated in Iran and included 6 Facebook accounts and 5 Instagram accounts.