Security News > 2020

F5 Networks announced the appointment of Sri Shivananda to its Board of Directors. Shivananda brings a strong leadership background to F5's Board, along with valuable expertise in key technology areas.

A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. "The attack is able to bypass the PowerPoint's restriction of not being able to add a remote file to the HyperLink action, which if we try to add using the GUI, we can't," Satam told Threatpost.

While this move by the government was lauded by many, cybersecurity experts noticed that almost immediately, cybercriminals kickstarted efforts to either steal the money coming to people or set up scams using potential stimulus checks as ways to steal people's information. A number of cybersecurity experts said the scams will resemble the typical IRS and tax season scams that have become increasingly common over the past decade.

Consulting giant Accenture announced this week that it has acquired critical infrastructure protection firm Revolutionary Security for an undisclosed sum. A privately held startup, Philadelphia-based Revolutionary Security provides security solutions for both information technology and operational technology environments.

Several vulnerabilities found by researchers in B&R Automation's Automation Studio software make it easier for malicious actors to launch attacks inside operational technology networks. "The combination of these two vulnerabilities gives an attacker with access to the victim network the ability to conduct an MITM attack and intervene in the software update process," Preminger explained.

The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDos attack.

Google has finally added the Eyes Open requirement for Google Pixel 4 Face Unlock. The Google Pixel 4 facial recognition feature is already one of the finest on the market.

Service providers and telecom carriers form the backbone of communications and commerce in modern economies. Data from F5 Labs shows that over the past few years DDoS and brute force attacks are the most common vectors for the service provider industry, both when the customer was the ultimate target and when the service provider was.

As more people have been forced to work or stay at home due to the coronavirus , there's been a much greater reliance on virtual meeting software to communicate with co-workers, colleagues, friends, and family. As cybercriminals have been exploiting all aspects of COVID-19 for their own nefarious purposes, so too have they been taking advantage of virtual meeting apps to spread malware.

Bitdefender warns against this dangerous new IoT "Dark nexus" attack that is innovative and cheap for attackers to acquire. "Our analysis has determined that, although dark nexus reuses some Qbot and Mirai code, its core modules are mostly original," Bitdefender said in a 22-page white paper released April 8 about the attacks, "New dark nexus IoT Botnet Puts Others to Shame." While some of its features may be shared with previously known IoT botnets, the way some of its modules have been developed makes dark nexus significantly more potent and robust, the report said.