Security News > 2020

Rapid7 has launched an open beta of AttackerKB, a community-sourced knowledge base of the latest vulnerabilities. Announcing the beta version in January 2020, Rapid7's Metasploit R&D manager Caitlin Condon, blogged, "When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it's worth developing an exploit for? Or is it actually...not useful or interesting?".

Intel has stomped out high-severity flaws in its Next Unit Computing mini PC firmware, and in its Modular Server MFS2600KISPP Compute Module. Discontinuation Notice for MFS2600KISPP. One of the high-severity flaws stems from a compute module used in Intel's modular server system, which is a blade system for Intel motherboards and processors first introduced in 2008.

Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as ventilators with new business email compromise and other scams aimed at defrauding those seeking the supplies. These so-called "Advance-fee schemes" are among several new fraud campaigns the feds have observed, alongside more typical BEC scams.

In the past, I have been in multiple toxic environments and have learned how to navigate through them. Even in those types of environments, the security team must work to minimize risk and defend the organization from information security threats.

The recently disclosed attack aimed at two websites pertaining to the San Francisco International Airport is the work of Russian hackers, ESET claims. In March, two SFO websites were found to have been compromised by hackers and injected with code designed to steal visitors' Windows login credentials.

Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave. Phishing emails are a favorite tactic used by scammers to try to convince people to share account credentials, financial information, and other private data.

Once a year, Nokia Bell Labs makes that forum a reality, where robust proposals that have the potential to revolutionize the future of human experience are presented and debated. If you think your idea could be one of them, the Nokia Bell Labs Prize is for you.

Awake Security, a California-based company that specializes in network traffic analysis, has raised $36 million in a Series C funding round. The investment, which brings the total raised by Awake to nearly $80 million, was led by Evolution Equity Partners, with participation from Energize Ventures, Liberty Global Ventures, Bain Capital Ventures, and Greylock Partners.

Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products. Roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8.

The United States agencies today released a joint advisory warning the world about the 'significant cyber threat' posed by North Korean state-sponsored hackers to the global banking and financial institutions. Besides a summary of recent cyberattacks attributed to North Korean hackers, the advisory-issued by U.S. Departments of State, the Treasury, and Homeland Security, and the FBI-also contains a comprehensive guide intends to help the international community, industries, and other governments defend against North Korea's illicit activities.