Security News > 2020

A Canadian insurance business struck by ransomware paid off the crooks via a cyber insurance policy - and their English reinsurers, having shelled out 109.25 Bitcoins, want it back from the alleged blackmailers. After infection the unnamed Canadian company suffered a total lockdown of all of its systems and asked its reinsurance firm to pay the ransom so it could get back on its feet.

Critical vulnerabilities in Adobe's Magento e-commerce platform - a favorite target of the Magecart cybergang - could lead to arbitrary code execution. Out of the flaws, Adobe has fixed three that it rates as critical in severity, meaning that successful exploits could "Allow malicious native code to execute, potentially without a user being aware."

"The main takeaway for online conference platforms is that these companies are in charge of the security of their users and they need to work to secure these environments. Zoom added a password but other actions can be taken as well so that people can't really abuse these platforms," she said. Beyond Zoom's recent flaw, Horowitz also talked to Threatpost about the challenges of hunting down cybercriminals and making attribution, and the top threats she's anticipating in 2020 - from ransomware to cloud-infrastructure attacks.

Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that's tying down Intel's patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling affecting Intel's speculative execution technology introduced in the late 1990s to improve chip performance. ZombieLoad was originally made public by researchers last May as part of a triplet of hypothetical issues which included two others, Fallout and Rogue In-Flight Data Load, affecting post-2011 Intel processors.

The researchers used a network of honeypots to monitor network traffic and keep tabs on the attackers and how they attempted to take advantage of security flaws within the fake industrial environment, Trend Micro explains in a new report. "Advanced attackers could be very picky in choosing systems they wanted to compromise and would check every small detail that they could before conducting an attack," the report notes.

The United Nations headquarters in New York as well as the U.N.'s sprawling Palais des Nations compound in Geneva, its European headquarters, did not immediately respond to questions from the AP about the incident. The internal document from the U.N. Office of Information and Technology said 42 servers were "Compromised" and another 25 were deemed "Suspicious," nearly all at the sprawling United Nations offices in Geneva and Vienna.

For [] incentives valuing more than £100, complete 1 Silver, 1 Gold and 8 Platinum offers. You must complete all offers within 20 days of completing your first offer.

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products. A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

Much more powerful, deception technologies leverage artificial intelligence and machine learning to enable the automated deployment of fake content, lists, databases and access points that play directly into the attackers' desires and then trap them into false storage or network areas and occupy them until the threat can be contained. Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches.

It is worth noting, for example, that SCV's existing portfolio of companies are all too early stage or Series A investments to be considered for purchase by the new SVCX. The ability of the SPAC's Board to find a new company or companies and recognize evolving trends is vital to the future of the company - and the SCVX line-up includes a recent director of national intelligence, the current CISO from the Bank of New York, a former Goldman Sachs managing director, and a former chief security scientist from the Bank of America. SecurityWeek talked to Mike Doniger and Hank Thomas about the direction and purpose of the new SPAC. "Some SPACs," Doniger explained, "Are broad in nature, saying they will buy an industrial company or an energy company. We've taken a different approach, with the targeted purpose of buying a cybersecurity firm."