Security News > 2020

Russia Blocks Swiss-based ProtonMail Over Wave of Bomb Threats
2020-01-29 14:09

Russia has blocked a second encrypted email provider, Swiss-based ProtonMail, in efforts to halt a prolonged series of anonymous bomb threats, the security service said Wednesday. The FSB security service said Russia acted against Geneva-based ProtonMail after blocking another social network, Netherlands-based Smartmail, for the same reason last week.

Cyberattacks against endpoints rising, reaching $9 million per attack in 2019
2020-01-29 14:07

Attacks against endpoints have become more costly, up more than $2 million since 2018. With the rise in BYOD and employees working from home or remotely, endpoints have become more prevalent.

Wawa's Stolen Payment Cards Are Now for Sale
2020-01-29 14:03

A long-running marketplace for selling stolen payment card data is advertising a large new batch linked to the breach at Wawa convenience stores late last year. Joker's Stash claims its latest dump contains as many as 30 million payment cards from 40 states.

Only 6 ransomware attacks on the UK's NHS since WannaCry worm hit in 2017 – report
2020-01-29 14:03

The NHS has suffered 209 successful ransomware attacks since 2014, according to new figures based on Freedom of Information requests, but with a dramatic improvement since 2017, the year WannaCry ransomware hit the health service. The WannaCry attack in 2017 - famously thwarted by Brit white hat hacker Marcus Hutchins - caused a spike to 101 incidents and we know many of these were severe.

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
2020-01-29 14:00

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice, significantly increasing the Managed Security Service Provider market opportunities. This is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs, and MSPs to provide managed security service with zero investment in hardware or personnel.

Use of SCPI Protocol Exposes Measurement Instruments to Attacks
2020-01-29 13:44

Measurement instruments that support the Standard Commands for Programmable Instruments protocol are exposed to hacker attacks, cybersecurity firm Trend Micro warned on Tuesday. First released in 1990, SCPI is an ASCII-based standard designed for test and measurement devices.

Critical RCE flaw in OpenSMTPD, patch available
2020-01-29 13:38

Qualys researchers have discovered a critical vulnerability in OpenBSD's OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root. OpenSMTPD is an open source implementation of the Simple Mail Transfer Protocol.

Let’s make ransomware MORE illegal, says Maryland
2020-01-29 12:53

Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution. It's not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar "Let's make malware more illegal" bills before it, SB 30's attempts to protect researchers could "use a little more work," as pointed out by Ars Technica's Sean Gallagher.

Google Paid Out $6.5 Million Through Bug Bounty Programs in 2019
2020-01-29 12:28

Google claims it paid out over $6.5 million through its bug bounty programs in 2019, which brings the total awarded by the company since the launch of its first program in 2010 to more than $21 million. The total amount paid out in 2019 was nearly double compared to the previous year, and Google says the researchers who took part in its bug bounty programs donated an all-time-high of $500,000 to charity.

Customer Tracking at Ralphs Grocery Store
2020-01-29 12:20

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. The form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage you might carry."