
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
2020-01-21 11:57

A bad actor obtained passwords for servers, home routers, and smart devices by scanning the internet for devices with an open Telnet port. A hacker has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things devices on a popular hacking forum in what's being touted as the biggest leak of Telnet passwords to date, according to a published report.

China and US top user data requests in Apple transparency report
2020-01-21 11:53

Governments in the US and China are at the front of the line when it comes to knocking on Apple's door to request user data relating to fraud/phishing, according to the company's latest transparency report. Like any tech company that handles user data, Apple gets different types of requests: those that are made when an account holder is in imminent danger, those from law enforcement agencies trying to help people find their lost or stolen devices, those asking for Apple's help when thieves rip off credit card data so they can buy Apple products or services on somebody else's dime, and those made in situations where investigators think an account's been used to do something illegal.

Mitsubishi Electric discloses data breach, possible data leak
2020-01-21 11:40

Japanese multinational Mitsubishi Electric has admitted that it suffered a data breach some six months ago, and that "Personal information and corporate confidential information may have been leaked." According to several reports from Japanese daily newspapers, the company discovered the data breach in late June, when it detected suspicious activity on a server at its Information Technology R&D Center in Kamakura, Kanagawa Prefecture, Japan.

Ransomware Gangs Target Fresh Victims: Patients
2020-01-21 11:18

Could ransomware shakedowns against healthcare entities be taking an even uglier turn? In a recent attack on a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and then demanded a ransom be paid by the clinic and some of its patients to avoid further exposure of the data. "The attackers demanded a ransom negotiation, and as of Nov. 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."

What do online file sharers want with 70,000 Tinder images?
2020-01-21 10:50

A researcher has discovered thousands of Tinder users' images publicly available for free online. In 2017, Google subsidiary Kaggle scraped 40,000 images from Tinder using the company's API. The researcher involved uploaded his script to GitHub, although it was subsequently hit by a DMCA takedown notice.

Data-driven vehicles: The next security challenge
2020-01-21 06:00

Many of these technologies are already being used in commercial vehicles such as long-haul trucks and delivery vans, agricultural vehicles and industrial equipment. The data security problem for autonomous vehicles extends beyond communications.

Review: Enzoic for Active Directory
2020-01-21 05:30

"Enzoic for AD is a tool that integrates into Active Directory and enforces additional password rules to prevent users from using compromised credentials," the product's page says. "Unlike products that only check passwords after they are saved, thus requiring subsequent reset by the user, Enzoic validates the password at the time it is being selected. Passwords are then continuously monitored to detect if they become compromised - with automated remediation and alerts. It helps organizations with NIST Password Guideline compliance in Active Directory."

Techniques and strategies to overcome Kubernetes security challenges
2020-01-21 05:00

Portshift has introduced five security best practices for DevOps and development professionals managing Kubernetes deployments. Integrating these security measures into the early stages of the CI/CD pipeline will help organizations detect security issues earlier, allowing security teams to remediate them quickly.

Revenue from cloud IT infrastructure products declines
2020-01-21 04:30

Vendor revenue from sales of IT infrastructure products for cloud environments, including public and private cloud, declined in the third quarter of 2019 as the overall IT infrastructure market continues to experience weakening sales following strong growth in 2018, IDC reveals. Spending on private cloud IT infrastructure has shown more stable growth since IDC started tracking sales of IT infrastructure products in various deployment environments.

BitDam Study Exposes High Miss Rates of Leading Email Security Systems
2020-01-21 04:08

BitDam published a new study on the email threat detection weaknesses of the leading players in email security, and the findings command attention.

How Leading Security Systems Prevent Attacks: Email security systems address cyber threats by scanning links and attachments to determine if they are safe or not.