Security News > 2020

Wawa Breach May Have Compromised More Than 30 Million Payment Cards
2020-01-28 20:12

Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

UK Approves 'Limited' Role for Huawei in 5G Networks
2020-01-28 20:03

As a result, Huawei will be excluded from the sensitive "core" parts of new 5G and gigabit-capable networks. On Wednesday, the European Commission endorsed guidelines for 5G networks that would allow European Union member states to decide whether to allow "high risk" telecommunications groups, including Huawei, in their networks, The Hill reports.

Coronavirus claims new victim: 'DEF CON cancelled' joke cancelled after DEF CON China actually cancelled
2020-01-28 19:59

The cancellation - or postponement, depending on how optimistic you want to be - was announced by the DEF CON team on Monday, a little more than ten weeks before the confab was scheduled to take place in Beijing. "China has announced a six-month hold on events like ours as part of the effort to combat the coronavirus outbreak," the DEF CON team said.

UK Government Proposes IoT Security Measures
2020-01-28 19:33

The security proposals released Monday mainly focus on improving the security of passwords by ensuring that they are not resettable to any universal factory setting as well as refining the way IoT manufacturers disclose vulnerabilities in their connected devices. The goal of these proposals is to provide greater security protections as the number of connected devices, including security cameras, routers, smart home devices and autonomous vehicles, increases.

Vulnerability Allowed Attackers to Join Zoom Meetings
2020-01-28 19:21

A vulnerability in the Zoom online meeting system could allow attackers to eavesdrop on meetings and view all shared content, Check Point security researchers have discovered. What Check Point's security researchers discovered was that an attacker could predict Meeting IDs and potentially join active meetings.

Making Sure You're PCI DSS 3.2 Compliant? MFA to the Rescue
2020-01-28 19:03

Today, I want to take a closer look at the PCI DSS 3.2 standard, starting with Requirement 8 and gradually making our way to Requirement 8.3.2. The standard specifically uses CDE, or the cardholder data environment, instead of "sensitive data," but the concept is the same - make sure the person requesting access is truly who they claim to be.

New Snake Ransomware Targets ICS Processes
2020-01-28 18:41

According to SentinelLabs, which has seen attacks involving Snake for the past month, files encrypted by this ransomware are difficult or impossible to recover without paying the ransom demanded by the attackers. Snake targets a wide range of files, but avoids encrypting system files and folders.

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
2020-01-28 18:16

Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn't have a Facebook account. The EFF performed dynamic analysis on the Ring for Android mobile app, using the "mitmproxy" tool running on a Wi-Fi access point connected to the doorbell.

C-suite not prepared for NotPetya and other extinction-level cyberattacks
2020-01-28 17:45

Many executives either don't know what their company's cyber defense is, lack budget, or spend too much time analyzing rather than taking action. In a new poll of 2,800 cyber security practitioners and C-suite executives, 65% cite destructive cyber attacks like NotPetya as a top cyber security concern.

Live Webinar | Who's In Your Cloud? How Privileged Access Controls are Leaving You Exposed
2020-01-28 16:48

Compliance is putting pressure on how organizations manage privileged access on these systems, which are storing petabytes of user and customer data. The nature of Linux makes it very hard to understand who is in your cloud at any given moment - resulting in breach detection times of over 200 days.