Security News > 2020

Deep Instinct, a cybersecurity company that uses deep learning to predict, identify and prevent attacks, announced on Wednesday that it has raised $43 million in a Series C funding round. The latest funding round, which brings the total raised by Deep Instinct to $100 million, was led by Millennium New Horizons, with participation from Unbound, LG, and NVIDIA. The company says it will use the money to accelerate sales and marketing, and expand business operations globally.

An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Saleem Rashid reckons he can exploit Netgear routers to successfully compromise admin panel credentials.

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.

The US has charged the Chinese military with plundering Equifax in 2017. According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.

Deceptive Phishing - The most common type of phishing attacks, whereby threat actors impersonate a legitimate company to steal users' personal data and access credentials. Spear Phishing - These types of attacks are more sophisticated, whereby the threat actor customizes the attack email with the target's name, job title, company, and other personal information to make the recipient believe they have a connection to the sender.

The leaky bucket belongs to JailCore, a cloud-based app meant to manage correctional facilities, including by helping to ensure better compliance with insurance standards by doing things like tracking inmates' medications and activities. JailCore closed down the data leak between 15 and 16 January: 10 or 11 days after vpnMentor notified it about the breach.

Finding what cloud services employees are using is half the battle-integrating Microsoft Cloud App Security and Defender Advanced Threat Protection lets you track, block, or audit cloud app usage. Microsoft Cloud App Security now includes a shadow IT discovery tool that integrates with Defender ATP to discover cloud app and service usage on any managed device.

Simply put, Emotet is not a run-of-the-mill crimeware and therefore should not be underestimated. The better organizations can understand the evolution and role that Emotet plays, the better equipped they'll be to protect themselves from becoming the next victim.

To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template, which apart from providing an actionable response framework, is also clear and intuitive for the executive level. IR Reporting To turn the security process more digestible for management, the template focuses on two key themes - actions taken to control the incident and continuous insights into its root cause and scope.

Almost a third of internet users affected by data breaches last year had reused a password in some form. "Our data shows that consumers are still not changing their poor password habits, yet we know they're holding organizations accountable for their security." said David Endler, chief product officer for SpyCloud.