Security News > 2020

HackerOne announced on Tuesday that the bug bounty program of Chinese technology giant Tencent is now accessible through its platform. More than 600,000 hackers registered on HackerOne can join Tencent's bug bounty program to hunt for vulnerabilities in the company's products.

Patches for 4 Zero-Days Exploited In the Wild Most importantly, two of the security flaws have been reported as being publicly known at the time of release, and the 3 are being actively exploited in the wild by hackers. One of the publicly disclosed flaws, which was also exploited as zero-day, resides in the Adobe Font Manager Library used by Windows, the existence of which Microsoft revealed last month within an early security warning for its millions of users.

Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management's commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Knowing how to respond and manage product security incidents is becoming more important for digital companies.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals-with no conscience and empathy-are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain.

To effectively address this critical need, NICE Actimize, the leader in Autonomous Financial Crime Management, announces the launch of KYC Xpress, a cloud solution which automates manual KYC procedures, dramatically increasing the speed of KYC processes by more than 80 percent. NICE Actimize KYC Xpress automates these processes - enabling teams to quickly perform KYC checks with confidence, reducing many hours of manual steps to minutes and minimizing errors by up to 40 percent.

Corporations and public sector organizations can now assess their workforce's exposure to dangerous phishing attacks, which are escalating as social distancing requires most employees to work from home. Managers can now characterize the weaknesses in their staff's ability to defend against phishing and online social engineering scams, thanks to "Can We Be Phished?", a new, freely available online assessment from Click Armor, the Continuous Cybersecurity Awareness Platform.

Fraud related to the coronavirus has cost Americans $13m and so far counting, according to the US government. While authorities have been warning for weeks of various scams and fraud operations based on the coronavirus pandemic, the FTC's report is one of the few to put a dollar amount on the damage being done by criminals.

NeuVector, the leader in Full Lifecyle Container Security, announced the NeuVector platform includes new features - purpose-built for enterprise DevOps and security teams - focused on automated end-to-end vulnerability management and protection, expanded registry scanning, and host protection in production environments. The platform additions include the new Vulnerability and Compliance Explorer for quickly investigating, prioritizing, reporting, and mitigating potentially damaging vulnerability and compliance issues.

PCI Pal Rapid Remote delivers PCI compliant payment services at pace, and enables organizations to quickly continue handling customer payments in a secure and compliant way even when working remotely or from home with minimal notice. With many contact centre agents, and other back-office staff who take payments, now working from home during these unprecedented times, Rapid Remote gives organizations the ability to securely handle payments, while also complying with PCI DSS rules.