Security News > 2020

Cloud provider INAP surveyed IT professionals to see what they thought of the biggest tech trends, and the result is a list that tech leaders could use to plot initiatives for the year ahead. The survey results break down into two categories: The most overhyped trends and those most deserving of attention. The most overhyped trends of 2020 1: Augmented reality.

FireEye researchers are tracking a hacker campaign using a new type of backdoor they call "Minebridge" that has primarily been targeting U.S. financial firms this year. The campaign, which appears to have started around Jan. 7, involves planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, according to a new FireEye report.

EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with.

About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller and Citrix Gateway are still at risk from a trivial attack on their internal operations. "The critical information about applications accessible by Citrix can be leaked," he explained.

Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information. The PoliceWorks systems, which form part of the force's new iOPS - a £27m project undertaken by everyone's favourite outsourcer - went down after a planned IT upgrade at midnight on Monday.

In the weeks leading up to the 2016 presidential election, the Obama administration struggled to respond to Russia's efforts to interfere with the voting process due, in part, to internal debates over concerns about confusing the public, according to a new U.S. Senate Intelligence Committee report. The report released Thursday, "U.S. Government Response to Russian Activities," is the third volume based on the Senate Intelligence Committee's investigation into the 2016 election and how Russia sought to interfere in the U.S. voting process.

In the 7 years since, threats have become exponentially more advanced, launched by well-funded cyber-criminal groups and nation-state proxies and leveraging automation and AI. And yet the people hacking into Ring cameras weren't highly-technical or using AI. They were Script Kiddies using credentials found and traded on the Dark Web to access devices that did not use 2FA or other additional security mechanisms. As a threat analyst, I have helped companies identify hundreds of IoT devices, from insecure smart refrigerators and CCTV cameras, to compromised video conferencing systems and biometric scanners.

A new phishing campaign is attempting to deliver sophisticated malware that can completely hijack an Android mobile device to steal user credentials, install a keylogger and even hold a device's data for ransom. Researchers at Cofense, who discovered the campaign, said the malware targets more than 250 Android apps with tailored login overlay screens used to capture credentials inputted into the apps.

The U.S. Department of Justice has asked victims of the Quantum Stresser DDoS-for-hire service, whose operator was recently sentenced, to come forward. According to authorities, the service had roughly 70-80,000 subscribers between 2011 and 2018, and in 2018 customers launched or attempted to launch approximately 50,000 DDoS attacks aimed at individuals or organizations.

A judge in Brazil's capital on Thursday dismissed accusations that journalist Glenn Greenwald was involved in hacking phones of officials, following weeks of criticism that his prosecution would infringe on constitutional protections for the press. Prosecutors last month leveled accusations that Greenwald helped a group of six people hack into phones of hundreds of local authorities, saying his actions amounted to criminal association and illegal interception of communications.