Patch or Perish: VPN Servers Hit by Ransomware Attackers
2020-01-07 12:48

On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-1150. The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.

‘Maze’ ransomware threatens data exposure unless $6m ransom paid
2020-01-07 12:35

That ransomware attackers can steal as well as encrypt data isn't a new phenomenon, but the possibility that sensitive data might be revealed to the world is potentially more damaging than any short-term disruption caused by the malware. To understand this defiance, consider other recent Maze incidents in which the Maze gang released samples of the stolen data to media and set up a special website to publish it.

I'm the queen of Gibraltar and will never get a traffic ticket... just two of the things anyone could have written into country's laws thanks to unsanitised SQL input vuln
2020-01-07 12:27

An SQL injection vulnerability in the Government of Gibraltar's website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory's laws. Security researcher Ax Sharma spotted the vuln while poring over the Gibraltar government's visa rules, which he accessed from the Gibraltar Borders and Coastguard Agency website.

USB Cable Kill Switch for Laptops
2020-01-07 12:03

The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [1, 2, 3] that executes a series of preset operations.

IT exec sets up fake biz to scam his employer out of $6m
2020-01-07 11:45

That IT exec's name is Hicham Kabbaj, and on Friday, he pleaded guilty to one count of wire fraud for having set up a shell company and billing his employer for firewalls and services that "Interactive Systems" never actually installed. Once Company-1 paid up, Kabbaj would slide the cash on over to his own bank account - a scam that netted him a cool $6 million.

US military branches ban TikTok following Pentagon’s warning
2020-01-07 11:11

Last month, the Pentagon told the US military to steer clear of what it sees as a national-security landmine: the singing/dancing/jokey TikTok platform. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.

PCs still running Windows 7 will soon be significantly more at risk of ransomware
2020-01-07 11:05

PCs still running Windows 7 when it reaches end of life on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned. Businesses running Windows 7 should prepare themselves in order to avoid the impact that vulnerability to ransomware could have on their organizations.

Network Traffic Analysis Provides Visibility, Detection and Investigation Capabilities
2020-01-07 11:03

In order to shift security postures from reactive to proactive positioning, organizations will need to re-evaluate their security strategy so that they are able to shape the attack surface to their advantage and make network traffic analysis solutions the cornerstone of their detection and response capabilities relied on by SOC teams. First, organizations need to know what their security stack contains - what capabilities are present and utilized, what capabilities are missing, and what capabilities may be duplicative.

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
2020-01-07 08:41

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone - even if downloaded from the official Google Play Store - you have been hacked and are being tracked. The newly detected malicious Android apps, Camero, FileCrypt, and callCam, are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks.

Facial recognition hardware to reach over 800 million devices by 2024
2020-01-07 08:22

A new report from Juniper Research found that facial recognition hardware, such as Face ID on recent iPhones, will be the fastest growing form of smartphone biometric hardware. The new research, Mobile Payment Authentication: Biometrics, Regulation & Forecasts 2019-2024, however notes that the majority of smartphone facial recognition will be software-based, with over 1.3 billion devices having that capability by 2024.