Security News > 2020

4 Ring Employees Fired For Spying on Customers
2020-01-09 16:57

Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. "In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual," according to Ring's Jan. 6 letter, obtained by Motherboard.

2020 - a Year for Clarity Around Threats and Actions
2020-01-09 16:52

For security professionals, it's another year of playing catch-up to the bad guys. Organizations can see the threats they face through logs and alerts, but that doesn't mean they have clarity.

PayPal Patches Vulnerability That Exposed User Passwords
2020-01-09 16:20

A researcher has earned over $15,000 from PayPal for reporting a critical vulnerability that could have been exploited by hackers to obtain user email addresses and passwords. Identified while analyzing PayPal's main authentication flow, the issue was related to PayPal placing cross-site request forgery tokens and the user session ID in a JavaScript file, thus making them retrievable by attackers via cross-site script inclusion attacks.

How to access your 2FA Docker Hub account from the command line
2020-01-09 15:54

With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work. If you've recently added two-factor authentication to your Docker Hub account, you've more than likely run into a situation where you can no longer access the account from the command line using the standard username/password credentials.

California’s Tough New Privacy Law and Its Biggest Challenges
2020-01-09 15:54

One of the bigger challenges with the CCPA is the question of tracking the location of that user data, Terry Ray, SVP and fellow with Imperva, tells Threatpost. So CCPA changes a little bit of it in that CCPA says, look, you know, we're not asking everybody to comply to this, we're asking people that are going to store what California considered a reasonable amount of data - 50,000 records - if you store more than that you're relevant to CCPA, you have to start thinking about how am I going to protect that data, monitor that data, find that data and ultimately deal with processes around the potential breach of that data.

Router Cryptojacking Campaigns Disrupted
2020-01-09 15:03

Nearly 16,000 malware-infected MikroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.

TrickBot Operators Create New Backdoor for Important Targets
2020-01-09 14:56

The cybercriminals behind the TrickBot malware, who are believed to be based in Russia, have been using a new PowerShell backdoor in recent attacks aimed at high-value targets, SentinelLabs revealed on Thursday. Called PowerTrick, the recently discovered backdoor is being deployed, at least in some cases, as a PowerShell task through normal TrickBot infections.

CES 2020: How McAfee's Just in Time jamming technique stops cybercriminals
2020-01-09 14:39

At CES 2020 in Las Vegas, TechRepublic's Teena Maddox spoke with Security Researcher on McAfee's Advanced Threat Research Team Sam Quinn about McAfee's Just in Time jamming technique and what consumers should keep in mind as they live a more connected lifestyle. Sam Quinn: We implemented a Just in Time jamming technique for the state sensor of the MyQ garage door device.

Router Cryptojacking Campaign Disrupted
2020-01-09 14:33

Nearly 16,000 malware-infected MikroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.

Browser zero day: Update your Firefox right now!
2020-01-09 14:00

Just two days after releasing Firefox 72, Mozilla has issued an update to patch a critical zero-day flaw. Some Linux distros and many businesses stick to Firefox's Extended Support Release because it gets security fixes at the same pace as the regular version, but doesn't force you to take on new features at every update.