Security News > 2020

Organizations will likely need to embrace more automation across all security and compliance-related processes.

To find the right services that complement specific resource gaps, enterprises should first fully assess their own security current state.

For much of Android's existence, Google has adopted a relatively hands-off approach that lets manufacturers ship units with pre-installed bloatware which, in many cases, cannot be easily removed. "Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted, which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent," the letter states.

Officials at the Albany International Airport paid a ransom to cybercriminals after the facility's systems were hit with the Sodiniokibi ransomware strain on Christmas, the Albany Times Union reports. At no point did the ransomware attack affect the airport's day-to-day operations, airport officials said.

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted. "While maps-icloud[.]com is not a particularly convincing phishing domain, a review of the Russian server where that domain is hosted reveals a slew of far more persuasive links spoofing Apple's brand. Almost all of these include encryption certificates and begin with the subdomains"apple.

UPDATED. Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture that would allow an attacker full remote control of the device. Dubbed "Cable Haunt" by researchers at Lyrebirds, the bug is found in cable modems across multiple vendors, including Arris, COMPAL, Netgear, Sagemcom, Technicolor and others.

Proof-of-concept exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. The vulnerability, which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web.

Cyber threat intelligence has been a growing part of the cybersecurity industry for the past several years. Let's consider the term "Cyber threat intelligence." "Cyber" limits us to the digital realm, yet our teams are built on intelligence principles that are equally applicable in the physical world.

One of the biggest threats on the horizon: artificial personas are coming, and they're poised to take over political debate. Over the years, algorithmic bots have evolved to have personas.

The managing director of a Manchester-based infosec firm has been fined for flying his helicopter into an air traffic control zone without permission - having first launched a rant at tower controllers. Joel Tobias, a helicopter owner and pilot who was described by the Manchester Evening News as a "Wealthy businessman", was fined £1,600 plus £870 in legal costs after his on-frequency rant at air traffic controller Andrea Tolley.