Security News > 2020

Hijacked Twitter accounts peddling fake cures, scammy sites offering emergency supplies, misinformation campaigns, phishing emails and - can you believe it? - even a computer antivirus solution that protects against COVID-19! What will online scammers think of next? Malwarebytes researchers have spotted a website advertising "Corona Antivirus -World's best protection" - a digital antivirus that supposedly protects against the actual COVID-19.

"The long wait is over," Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users. We've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.

Cybersecurity firm Forcepoint reports that it has found a number of new phishing and malware scams circulating around the internet with a common theme: They all aim to capitalize on coronavirus and COVID-19 fears. The tactics being used in this current wave of COVID-19 phishing and malware are nothing new: Phishing attempts are seeking to steal email passwords, fake ads are selling scam products, and traditional malware droppers are being found in infected word documents.

During January and February APT41's attacks were concentrated against Cisco devices using previously revealed vulnerabilities and what FireEye speculated was a pre-compiled list of vulnerable devices connected to the internet. In early March the Chinese hackers picked up on CVE-2020-10189, a zero-day remote code execution vuln in Zoho ManageEngine Desktop Central.

Log management platform Humio this week announced that it closed a $20 million Series B funding round, bringing the total investment raised to date to $32 million. In addition to the new funding round, Humio announced the Unlimited Ingest for the Cloud Plan, which is meant to change the cost of scaling to massive volumes in a SaaS environment, and which provides the same benefits as the current Unlimited Self-hosted Plan.

A report released Thursday by Positive Technologies explains how and why existing 4G and new 5G networks can be hurt by Denial-of-Service attacks in particular. Specifically, the company looked at 4G and 5G networks using Diameter signaling protocol, a method for coordinating data among different Internet Protocol network elements.

Millions of knowledge workers are now working from home, with companies like Amazon, Google, Microsoft, and Facebook mandating their employees to work remotely. So what can companies do to ensure the safety and security of their workers and ultimately their business?

People who made purchases from the official Tupperware website over the past couple of weeks may have had their payment card information stolen, cybersecurity firm Malwarebytes warned on Wednesday. The credit card skimmer was planted on the main website and some of its localized versions, Malwarebytes said.

Adobe has released another security patch outside of its usual routine this month to deal with a strange bug that can allow attackers to delete victims' files. Creative Cloud is a subscription-based service that lets users access its range of creative software products from Adobe online, and to use some cloud-based services that support them.

Apple this week announced that third-party cookies are now blocked by default in Safari on macOS, iOS and iPadOS. The feature represents the latest enhancement the Cupertino-based company brought to its Intelligent Tracking Prevention and is meant to improve the privacy of its users by removing previously accepted exceptions. Due to continuous improvements made to ITP, most third-party cookies were already blocked in Safari, but other browser makers are also moving toward blocking cookies by default, and Apple decided to make the final step before others.