Security News > 2020

Tom: Well, yeah, I will say that in a situation when you have a zero day or you have an unpatched vulnerability, I could make an argument that it is irresponsible and you know the disclosure of a PoC might be better suited for a bad channel as opposed to a chest-beating researcher who just wants some fame and maybe not so much fortune. I think it was called Cable Haunt and it was in multiple cable modems that are used by ISPs to provide broadband into homes so you know what's going on there?

As you can imagine, the way the hackers got in is supposed to have been by means of phishing attacks. The good news is that most of us have learned to spot obvious phishing attacks these days.

A cyberattack targeting one of the largest banks in the U.S. that stops the processing of payments likely would have a major ripple effect throughout the financial system, according to a new report from the Federal Reserve Bank of New York. The impact of a cyberattack would increase if the banks strategically responded by not sending out payments and hoarding their money and assets, which the study says is likely.

Several industry professionals have shared thoughts with SecurityWeek about the vulnerability, its impact, and the possible reasons why the NSA disclosed it rather than using it in its own operations. "While this is a serious vulnerability that should be patched, there's no need to panic. When you look at the vulnerability and the number of affected systems, this does not reach the level of Heartbleed or WannaCry scenarios from the past. Also, our research shows that behavioral analysis of malware still detects malware as malicious, even if it's signed with an ostensibly legitimate certificate."

The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked. Previously, the FBI would inform these parties but didn't necessarily share the information with state election officials, a move that came under fire from state lawmakers and Congress for not going far enough to protect the integrity of elections from cyberattacks.

The FBI has created a new policy to give "Timely" breach notifications to state and local officials concerning election hacking and foreign interference. It will also require agents to work directly with state and local election officials to identify and mitigate cyberthreats to election infrastructure as quickly as possible, according to the FBI announcement.

Data-centric approaches are a powerful way of increasing the adaptability and profitability of your business.

Attackers often buy ‘look-alike’ domains in order to impersonate a specific brand online.

P&N Bank in Perth, Australia, says a server upgrade gone wrong led to the breach of sensitive personal information in its customer relationship management system. The CRM system contains names, mailing addresses, email addresses, phone numbers, customer numbers, ages, account numbers, account balances and what the bank described as other "Nonsensitive" data related to interactions with customers.