
NSA and Github ‘rickrolled’ using Windows CryptoAPI bug
2020-01-16 17:42

Was there a big, bad security bug in Microsoft Windows waiting to be announced the next day? This time, the NSA gave the bug to Microsoft to patch the hole proactively, and here we are!

Congress Hears Warnings of Iranian Cyberthreats
2020-01-16 17:18

Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told the House Homeland Security Committee Wednesday. Rep. Bennie Thompson, D-Miss., the chairman of the Homeland Security Committee, noted during his opening remarks that this geopolitical tension could have "dire consequences" for U.S. homeland security and asked the experts testifying to help lawmakers better understand the potential cyberthreats from Iran and its proxies.

Cloud Security: Overcoming Roadblocks
2020-01-16 16:48

While infosec has always been an imperative, BMC Software's Rick Bosworth says it is especially critical in a cloud environment, since liability for secure resource configuration does not rest with cloud service providers. "It is absolutely not the responsibility of the cloud service provider to make sure that those resources are securely configured," states Bosworth, a director of marketing at BMC. "If you check the T&Cs of your contract with your cloud service provider, under the shared responsibility model it is incumbent on the enterprise themselves, the users themselves to make sure those IaaS and PaaS services are securely configured."

S2 Ep23: Snake ransomware, VPN holes and phone spying – Naked Security Podcast
2020-01-16 16:43

This week we look at VPN vulnerabilities [11:13], dig into the Snake ransomware [23:11], and decide whether our phones are spying on us [32:09]. Mark also revisits his growing list of pet peeves and Anna tests whether getting deep fake feet to your phone via SMS is real.

Court Approves Equifax Data Breach Settlement
2020-01-16 16:41

On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it disclosed in September 2017. As announced in July 2019, impacted individuals have until January 22, 2020, to submit claims for the free credit monitoring services or the alternative reimbursement compensation offered in the settlement, to receive reimbursement for Equifax services, or to receive reimbursement for out-of-pocket losses and/or time spent dealing with the data breach.

Alarming Trend: More Ransomware Gangs Exfiltrating Data
2020-01-16 16:18

As if ransomware wasn't already bad enough, more ransomware gangs are now exfiltrating data from victims before leaving systems crypto-locked. In the past, many ransomware gangs claimed to have exfiltrated data from victims and threatened to leak it unless their demands were met.

Rights Group Demands Israel Rein in Murky Spyware Company
2020-01-16 16:07

TEL AVIV, Israel - An Israeli court heard a case Thursday calling for restrictions to be slapped on NSO Group, an Israeli company that makes surveillance software that is said to have been used to target journalists and dissidents around the world. The case, brought by Amnesty International, calls for Israel to revoke the spyware firm's export license, preventing it from selling its contentious product abroad, particularly to regimes that could use it for malicious purposes.

PoC Exploits Published For Microsoft Crypto Bug
2020-01-16 16:05

Two proof-of-concept exploits have been publicly released for the recently patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The two PoC exploits were published to GitHub on Thursday.

Securing Tiffany's Move
2020-01-16 16:01

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police....

The Edge is Near. Are You Ready?
2020-01-16 15:07

Security devices can no longer rely on off-the-shelf CPUs to process security traffic because they are slow, inefficient, and extremely expensive. Security devices need access to the same enhanced performance that is only provided by specialized security processors so things like inspecting encrypted traffic, analyzing raw data, and moving from detection to prevention can happen at the speeds that digital business requires.