Security News > 2020

Japanese IT and electronics company NEC Corporation has revealed that hackers had access to its network for a long time, but the incident occurred several years ago. The attack, NEC says, was initially discovered in July 2017, when a report from the security company contracted by the electronics giant revealed unauthorized communications between computers on the internal network and external entities.

Cybercriminals are using fake email messages about the coronavirus to spead the Emotet Trojan as well as other malware, according to reports released this week by IBM and Kaspersky. The cybercriminals spreading the Emotet Trojan apparently are attempting to target regions closer to China, where the coronavirus originated, but it's likely that their tactics will shift to other countries in the coming weeks, according to IBM. "We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads," the IBM researchers say.

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure.

A federal judge has ruled that an insurer providing a "Business owner's insurance policy" to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused. In her recent ruling, Judge Stephanie Gallagher of the U.S. District Court of Maryland wrote that the damage to Nation Ink & Stitch's computer infrastructure from a ransomware attack constituted "Physical loss or damage" covered by the insurance policy and that the insurer must pay the costs to recover and rebuild the network.

Police in the United Kingdom have arrested six suspects as part of a months-long money laundering investigation tied to the theft of €13 million from a Maltese bank. As part of the investigations into the bank heist, which has been tied to an organized crime gang, Britain's National Crime Agency says it arrested two men, ages 22 and 17, last week in London.

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices. Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.

Targeting UN networks in Geneva and Vienna, the attacker was able to compromise accounts and data at dozens of servers, prompting one senior UN IT official to call it a "Major meltdown," the New Humanitarian said. "These things...attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack is remains very fuzzy and uncertain. So, we are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack."

A current hacking competition on the illicit forum known as XSS offers members the chance to win a share of $15,000 in return for original articles containing proof-of-concept videos or original code, according to a Digital Shadows report, released on Thursday. In the past, competitions on underground forums offered much smaller prize winnings and also focused on lighthearted challenges meant to build community, rather than hacking prowess.

A newly launched project wants to help inform IT security representatives and domain owners when their users fall victim to phishing. Ch, the project collects information on users who became victims of phishing by entering their credentials on a phishing website.

Google has open-sourced OpenSK, firmware that, combined with an affordable chip dongle, allows you to make your own security key to use for authentication purposes. About OpenSK. OpenSK isan open-source implementation for security keys that supports both FIDO U2F and FIDO2 standards.