Global Security Threats Organizations Must Prepare for in 2020
2020-01-08 20:43

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function.

Man Sentenced in ATM Skimming Conspiracy
2020-01-08 20:21

A New York state man has been sentenced to five years for an elaborate ATM skimming conspiracy that allowed him to steal at least $390,141 from victims. They then used those counterfeit cards to steal money from the accounts, according to DoJ. Rusu, a Romanian national, was part of a larger ATM skimming scheme that ultimately drained more than $868,000 from accounts.

Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
2020-01-08 20:10

The more notable part of the announcement is Project Zero's decision to wait to disclose bug details until 90 days have elapsed, even if a patch becomes available before then. "For the last five years, the team has used its vulnerability disclosure policy to focus on one primary goal: Faster patch development," explained Willis in a posting on Tuesday on the policy changes.

Interpol Announces Successful Operation Against Cryptojacking in Southeast Asia
2020-01-08 19:58

Interpol announced on Wednesday that it has coordinated an international operation aimed at removing illegally installed cryptocurrency miners from routers located in Southeast Asia. The operation was launched in June 2019 and participants worked over a five-month period to identify compromised routers, alert victims, and install patches that would prevent cybercriminals from controlling the devices.

Nation-State Attacks: Why Healthcare Must Prepare
2020-01-08 19:18

As tensions between the U.S. and Iran continue to rise, healthcare organizations need to exercise extra vigilance in shoring up their security to defend against potential Iranian cyberattacks on critical infrastructure sectors, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center. Destructive "Wiper" attacks were carried out by Iran against Saudi Aramco computers in 2012 and the Las Vegas Sands casino in 2014, as well as a long series of distributed denial-of-service attacks on U.S. banks in 2012 and 2013.

Google Project Zero Updates Vulnerability Disclosure Policy
2020-01-08 18:27

Google's Project Zero has updated its vulnerability disclosure policy to keep bug reports closed for 90 days, regardless of whether a patch is out before the deadline or not. The goal of this new policy, Google Project Zero's Tim Willis notes, goes beyond just attempting to speed up patching: thorough patch development and improved patch adoption are also a focus.

Currency Exchange Travelex Held Hostage by Ransomware Attack
2020-01-08 18:18

A ransomware attack has held London-based foreign currency exchange firm Travelex hostage since at least New Year's Day, the company confirmed Tuesday after more than a week of vague updates. Travelex is a London-based foreign exchange firm that has over 1,000 stores and 1,000 ATMs in major transit points across 26 countries.

Liverpool Voyeur Used IM-RAT to Video Women at Home
2020-01-08 18:13

The defendant, Scott Crowley, said in a court hearing that he used Imminent Monitor to hack the victims' computer and phone webcams so he could spy on them and film them in various compromising positions, including undressing and having sex. The prosecutor on the case said that in examining Crowley's computer, officers discovered three folders named after each of his victims; these contained images and videos of the women undressing, and in some cases having sex.

Mozilla Releases Firefox 72: High-Severity Bugs Patched, Fingerprinting Nixed
2020-01-08 18:04

UPDATE. Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser. The disclosure came a day after Mozilla released its latest Firefox 72 browser on Tuesday.

TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos
2020-01-08 18:01

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. If the user clicked that malicious link, the attacker could access the user's TikTok account and, so Check Point said, manipulate its content by deleting videos, uploading new videos and making private or "Hidden" videos public.