Security News > 2020

An exposed Amazon Web Services S3 bucket belonging to RigUp was found to expose tens of thousands of private files belonging to organizations and individuals in the U.S. energy sector, vpnMentor reports. Founded in 2014, United States-based RigUp is a labor marketplace and services provider for the country's energy sector.

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system....

The Hoaxcalls botnet is actively targeting a recently patched SQL injection vulnerability in Grandstream UCM6200 series devices, security researchers warn. Tracked as CVE-2020-5722 and rated critical severity, the vulnerability exists in the HTTP interface of the impacted IP PBX appliance.

As US citizens wait for President Trump's final decision about whether quarantine will be over by Easter, malware peddlers have already "Decided": quarantine will be prolonged until August 2020. Researchers with anti-phishing startup Inky have spotted two phishing emails purportedly coming from the White House, "Signed" by President Trump.

Researchers have uncovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials. Etay Maor, chief security officer at IntSights, told Threatpost that the source of the credentials is unknown, but the smaller number of them suggests they didn't come from a Zoom database breach.

Two days after March Patch Tuesday Microsoft released an update for the Windows SMBv3 vulnerability associated with CVE-2020-0796. There is no control over the update being applied on a system running Home edition, so for employees, or their children doing schoolwork, this update could be very disruptive.

Business continuity planning must account for your PKI and all applications that depend on it. Don't forget about renewals - If a CA is down, you'll be unable to issue new certificates, but if your CRL is expired, all your certificates become immediately unusable.

Most enterprises believe embracing the public cloud is critical to fuel innovation, but the majority are not equipped to operate in the cloud securely, according to a DivvyCloud survey of nearly 2,000 IT professionals. "Only 35% of respondents do not believe security impedes developers' self-service access to best-in-class cloud services to drive innovation-meaning 65% believe they must choose between giving developers self-service access to tools that fuel innovation and remaining secure."

NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months. While the number of phishing domains catapulted for chloroquine and azithromycin in particular, domain names containing the eight other drugs increased as well.

Box a leader in Cloud Content Management, announced automated malware detection and controls in Box Shield, the company's advanced security solution for protecting content in the cloud. When malware is identified in Box, Box Shield will now automatically alert the end user, restrict downloads and sharing of malicious files, and notify IT and security teams.