Security News > 2020

Windows users under attack via two new RCE zero-daysAttackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. Widely available ICS attack tools lower the barrier for attackersThe general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.

Criminals are preying on a fearful public and disrupting the provision of medical care during the coronavirus pandemic by selling counterfeit products, impersonating health workers and hacking computers as many citizens do their jobs online at home, European law enforcement agency Europol said Friday. "Criminals have quickly seized the opportunities to exploit the crisis by adapting their modes of operation or developing new criminal activities," Europol Executive Director, Catherine de Bolle said in a statement.

As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over its "Creepily chummy" relationship with tracking-based advertisers. Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned [cached] Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.

Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon - the long, slender neural projections that transmit electrical impulses to other neurons. This is the first time that edits to genetic information have been observed outside of the nucleus of an animal cell.

If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.

Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. "One reason for this decline is that our new protections are working-attackers' efforts have been slowed down and they're more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt," Google says.

KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots. The coronavirus pandemic is affecting every aspect of our lives and dozens of companies are chipping in to help those affected most by the current crisis.

Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited. According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 and Silence - the company previously found links between the two groups - targeted at least two pharmaceutical and manufacturing companies in Belgium and Germany in late January.

A run-down of Cisco's 2020 CISO Benchmark Report.