Security News > 2020
P&N Bank has notifed customers of a data breach that resulted in a large amount of sensitive information being compromised. Passwords, birthdate, health information, driver's license numbers, passport numbers, social security numbers, tax file numbers, and credit card numbers were not included in the breach, the bank says.
Billions of internet-connected devices and the introduction of 5G are transforming the way cities and municipalities care for their citizens. Join Dave Masson, Director of Enterprise Cyber Security at Darktrace and Craig Brown, Chief Innovation Officer of the City of Westland, as they explain how artificial intelligence can detect and respond to cyber-threats targeting the public sector.
"Anecdotally, we have found several cases of surprisingly large organizations with valuable data and critical infrastructure with little more than an anti-virus program running on their endpoints prior to our engagement. Even complete network coverage can miss something as straightforward as an attacker returning to an organization with successfully phished credentials." "Having the strategic insight about what attackers are capable of, what kind of tools they are using, and how valuable your data and infrastructure can be is fundamental to understanding the lengths you have to go to protect them."
The operators behind the notorious Emotet malware have taken aim at United Nations personnel in a targeted attack ultimately bent on delivering the TrickBot trojan. Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism.
Five major U.S. prepaid wireless carriers - AT&T, T-Mobile, Verizon, Tracfone and US Mobile - are using poor account authentication procedures and techniques that leave their customers open to SIM swapping attacks, according to researchers at Princeton University. Their report, "An Empirical Study of Wireless Carrier Authentication for SIM Swaps," also examined 145 websites, including social media platforms, email providers and cryptocurrency exchanges, which use phone-based authentication to identify a user's identify.
The Cloud Native Computing Foundation this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. It was originally developed by Google and it's now maintained by the CNCF. The new bug bounty program is hosted by HackerOne and CNCF says it will do its best to respond to submitted reports within one business day, triage vulnerabilities within 10 days, and pay out a bounty within 10 days from triage.
The $380.5 million will be placed into a fund for consumers affected who are part of the class outlined in the lawsuit. It should also be noted that of the 147 million affected by the data breach, approximately 15 million are part of the class action lawsuit.
According to Radware's latest Global Application & Network Security Report, of 561 respondents representing a broad range of organizations worldwide, 27% said their company was hit by nation-state hackers in 2019, a 42% increase compared to 2018, when only 19% of respondents claimed they experienced such attacks. The survey demonstrates that organizations of all sizes consider the threat of nation-state attacks to be serious.
Google is aiming to phase out third-party cookies in Chrome in two years, but that will have to prove palatable to users, publishers, and advertisers. In its post, the search giant said it plans to phase out support for third-party cookies in Chrome within the next two years.
Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "Peacetime" mindsets and adopt a "Wartime" stance against persistent cybercriminals and nation-state actors. Today, as co-founder and CEO of managed security service provider Expel, he revisits this conversation about adopting the wartime mindset in an interview with Information Security Media Group.