Security News > 2020

Cybercriminals are increasingly directing targeted attacks at specific organizations or individuals, says security provider Positive Technologies. In 2019, the number of targeted attacks outpaced the number of mass attacks, showing that bad actors are adopting a more focused strategy, according to Positive Technologies.

Researchers at WordFence, a company that provides cybersecurity services for WordPress users, has warned of two security problems in a popular WordPress plugin called Rank Math. The creators of Rank Math, it seems, had neglected to put security checks on some of the remote commands that the plugin supports.

What information is being collected online? Who's collecting it? Who should be held responsible for protecting our privacy? And how do we better protect it? A survey conducted by The Harris Poll on behalf of NortonLifeLock delved into those questions and more. The survey of more than 10,000 adults in the US and nine other countries found that more than two-thirds are more alarmed than ever about their online privacy.

This week we bring you the podcast from our makeshift home studios. We discuss Dharma ransomware, the tour guide who turned out to be a Chinese spy, and why thousands of dark web sites suddenly vanished.

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat actor in attacks aimed at China and Japan. Both vulnerabilities were exploited in attacks before patches were released.

Akamai researchers have seen recycled phishing kits from as far back as July being used in coronavirus-based phishing attacks now. While most of these URLs are new, the phishing kits that operate in the background are not.

TLS 1.0 is over two decades old, and TLS 1.1 was only meant to address some limitations in the former and prevent specific attacks. In October 2018, major browser makers announced that support for the old and insecure TLS 1.0 and 1.1 protocol versions would be removed in March 2020, but such plans have been postponed due to the current COVID-19 pandemic.

Traditionally, the aspect of networks that have had the hardest time adjusting to such rapid change has been security. Endpoint controls - As end-users seek network access from remote locations, many may be using personal devices that are connected to home networks that include children engaged in e-school, other remote teleworkers, and even game, entertainment, and home security solutions.

According to data gathered by a new automated Zoom meeting discovery tool dubbed "zWarDial," a crazy number of meetings at major corporations are not being protected by a password. Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day.

WireGuard, a new VPN protocol with both strong performance and easy setup, has been adopted by startup Tailscale as the basis of a peer-to-peer remote networking system that is both secure and quick to configure. WireGuard is an open source VPN which achieved its 1.0 release on March 30th, coinciding with the release of Linux 5.6.