Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
2020-01-22 12:20

ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.

Half a Million IoT Device Passwords Published
2020-01-22 12:09

This week a hacker published a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT "Smart" devices. It's a list of easy-to-guess passwords for IoT devices that were on the Internet as recently as last October and November.

Secure DevOps Company Sysdig Raises $70 Million
2020-01-22 11:49

California-based secure DevOps company Sysdig on Wednesday announced that it raised $70 million in a Series E funding round, which it plans on using to fuel global expansion, including through significant investments in sales and marketing. This Series E round brings the total raised by Sysdig to $206 million.

Ubisoft sues DDoS-for-hire operators for ruining game play
2020-01-22 11:39

These guys aren't just launching attacks that kick all players on a targeted server out of a game, or degrade the game performance down to sludge, Ubisoft alleges. Defendants are well aware of the harm that the DDoS Services and DDoS Attacks cause to Ubisoft.

Report: Apple Scuttled Encryption Plans for iCloud Backups
2020-01-22 11:18

Apple previously scuttled plans to add end-to-end encryption to iCloud backups, in part because such a move would have complicated law enforcement investigations, Reuters reports. Reuters' scoop highlights a behind-the-scenes compromise that explains what happened, with Apple reportedly opting to not use end-to-end encryption for iCloud backups as it faced increasing pressure from the U.S. government to ensure investigators could access user data.

French Spy Suspected of Selling Data on Darknet
2020-01-22 11:06

Haurus charged 100 to 300 euros or more for fake identification cards, driver's licences or birth certificates, as well as bank documents, phone records or GPS coordinates for tracking specific individuals. "You provide the identity/registration number to copy, or your own requests, and I'll find what you need," read one message from Haurus on the Blackhand v2 forum, according to details of the investigation seen by AFP. Haurus even touted a "Starter pack" of a French driver's licence, an ID card and six blank cheques, for 500 euros instead of 680 euros.

PoC Exploits Do More Good Than Harm: Threatpost Poll
2020-01-22 11:01

Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a "Good idea" to publish PoC code for zero days. Joseph Carson, chief security scientist at Thycotic, told Threatpost that while he thinks PoC exploits can have a positive impact, "It is also important to include what defenders can do to reduce the risks such as methods to harden systems or best practices."

NIST’s new privacy rules – what you need to know
2020-01-22 10:56

NIST has released a Privacy Framework to help you get your house in order. The brand new Privacy Framework 1.0 is the equivalent document for protecting people's personal privacy.

Honeywell Maxpro VMS/NVR systems vulnerable to hijacking
2020-01-22 10:50

Honeywell's Maxpro VMS and NVR, network video recorders and video management systems deployed in commercial, manufacturing and energy facilities around the world, sport critical vulnerabilities that may allow attackers to take control of them. Patches are available for the Honeywell Maxpro vulnerabilities.

Regus spills data of 900 staff on Trello board set to ‘public’
2020-01-22 10:44

Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello. According to a Daily Telegraph report, the company that put the boot to its own throat this time is office space company Regus, which posted performance ratings of 900 managers to a public Trello board.