Security News > 2020

In 2019, Google sent nearly 40,000 warnings to accounts that were targeted by state-sponsored phishing or malware attacks, it reported on Thursday. Google's also seen cases wherein attackers first try to chummy up with targets by sending several benign emails to build rapport.

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability which at the time had a zero-day status.

So in this sense, I think that any argument for using surveillance to keep track of covid-19 infections or to provide basic security isn't credible and so can't be simply trusted. If anyone now were to claim that they think they can stop an outbreak by means of surveillance, I think such might as well be deceptive, but also very wrong if the surveillance part isn't really neccessary.

Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol, a popular and common means for remotely managing a computer over a network connection. The number of devices exposing RDP to the internet on standard ports has grown by 41.5 percent over the past month.

Shortly after our story was published, an infoec bod, who asked to remain anonymous, told El Reg they could access the files in the leaky bucket weeks after it was supposedly taken down. A report from Google claims phishing attacks from government-backed spies are increasingly disguised as messages from journalists.

From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices. "The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure, and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I'd take an extra look to make sure it's not a trap."

As women take more senior positions in the field of cybersecurity, there's a shortage of women available to mentor others. That's according to the results of the SANS Institute's first survey on Women in Cybersecurity, here, which found while mentoring is a hugely important part of career progression, only seven per cent of those polled had been mentored by another woman.

Finding skilled cybersecurity professionals to fill organizations' increasing needs is becoming more difficult by the day due to the wide cybersecurity workforce skills gap. Steve Velasco, a senior cybersecurity recruiter at NinjaJobs, a community of information technology veterans devoted to helping companies find vetted, experienced cybersecurity professionals, says that while there certainly seems to be shortage in cyber talent, that shortage is usually tied to geography - and especially so when it comes to incident response, DevSecOps, threat intelligence and penetration testing.

Cybersecurity company Indusface that holds expertise in keeping applications over the internet secure has decided to step up and do our bit to the society. During this unprecedented time, Indusface has announced to support organizations affected by COVID-19 by offering professional cybersecurity protection to their online businesses at free of cost for at least a month.