Security News > 2020

Cloud security firm CloudKnox Security today announced that it has raised $12 million in a new funding round, which brings its total funding to $22.75 million. Founded in 2015 and headquartered in Sunnyvale, California, CloudKnox provides a cloud security platform designed to monitor and manage identities, actions, and resources across private and public cloud infrastructure.

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS's Cybersecurity and Infrastructure Security Agency and healthcare cybersecurity firm CyberMDX revealed on Thursday. GE Healthcare has also inadvertently exposed SSH private keys, making it possible for hackers to remotely connect to devices and execute malicious code.

A U.S. government agency was targeted with spear phishing emails harboring several malware strains - including a never-before-seen malware downloader that researchers call "Carrotball." One of the malicious documents also included a new malware downloader that researchers dubbed Carrotball.

The malvertising-focused trojan known as Shlayer has burbled to the top of the malware heap when it comes to targeting Mac users. Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code, according to Kaspersky.

The campaign was using the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad airport, and used emails purporting to come from the Ministry of Foreign Affairs of the Kingdom of Bahrain, Saudi Arabia, and the United Arab Emirates. The use of legitimate public services in malware attacks is a growing trend among attackers.

If your organization does software development in-house, there are a myriad of development workflows and processes to choose from. Some organizations still implement old-school waterfall development workflows; some are agile shops.

The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants. "Cybercriminals now pose as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards," according to the FBI alert.

U.N. human rights experts are asking Washington to investigate a suspected Saudi hack that may have siphoned data from the personal smartphone of Jeff Bezos, Amazon founder and owner of The Washington Post. Bezos went public with the suspected hack shortly thereafter, saying the National Enquirer tabloid had threatened to publish his private messages and photos.

Small and midsized businesses sometimes lack the internal skills and staff to fully handle their cybersecurity, prompting them to outsource their security protection to channel partners. Though such partners are increasingly adding security to the mix of services they offer, businesses can still be vulnerable to cyberattack due to certain internal limitations and barriers.

A critical Cisco vulnerability exists in its administrative management tool for Cisco network security solutions. The flaw exists in the web-based management interface of the Cisco Firepower Management Center, which is its platform for managing Cisco network security solutions, like firewalls or its advanced malware protection service.