Security News > 2020

Consumers should care more about browser security, which is why the primary browser providers keep focusing on privacy improvements. Despite all the improvements to the various browser options in terms of performance and privacy, people tend to stick with what they have, seemingly forever.

A Georgia man has admitted in court to employing a third-party to launch a distributed denial of service attack. Preston is the co-founder of BackConnect Security LLC, a company that provides protection against large-scale DDoS attacks.

The encryption technology Microsoft uses to protect Windows file systems can be exploited by ransomware. So says the research team at Safebreach Labs, which has demonstrated how file-scrambling software nasties can not only tap into the Windows Encrypting File System but also avoid anti-malware tools.

Trend Micro researchers have set up a factory honeypot and found that industrial organizations should be more concerned about attacks launched by profit-driven cybercriminals rather than the threat posed by sophisticated state-sponsored groups. The honeypot mimicked a factory and was designed to be as realistic as possible.

Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology honeypot attracted fraud and financially motivated exploits.

From when GDPR went into full effect on May 25, 2018, until Friday, EU data protection authorities also imposed €114 million in fines under the privacy regulation for a wide variety of infringements, not all involving data breaches. The report doesn't count the U.K. Information Commissioner's Office stating that it intends to fine Marriott International $130 million and to fine British Airways $239.5 million for data breaches that occurred after GDPR went into full effect, since those penalties have yet to be finalized.

Could ransomware shakedowns against healthcare entities be taking an even uglier turn? In a recent attack on a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and then demanded a ransom be paid by the clinic and some of its patients to avoid further exposure of the data. "The attackers demanded a ransom negotiation, and as of Nov. 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."

Citrix has issued its first set of patches fixing a nasty vulnerability that's been hanging over some of its biggest products. Patches for ADC and Citrix Gateway 11.1 and 12.0 were made available on 19 January with versions 12.1, 10.5, and 13.0 to follow on 24 January.

SIM hijacking - or SIM swapping - is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Sometimes this involves people inside the phone companies.

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. Mitsubishi Electric says data it believes was exposed during the attack includes records belonging to 1,987 job applicants, employee data for 4,566 new graduate recruitment applicants, information on 1,569 retired employees, as well as corporate-confidential technical and sales materials.