Security News > 2020

Organizations are moving their security to the cloud, but concerns remain
2020-03-25 17:51

To ease some of the burden, many organizations have started migrating their security tools to the cloud. Based on a survey of 130 security practitioners, Exabeam's report found that 52% of the respondents started moving to cloud-based security products during or before 2018.

Most Security Pros Prefer Enterprise Over Industrial Cybersecurity: Survey
2020-03-25 17:13

A global survey of 1,000 security professionals commissioned by industrial cybersecurity company Claroty has revealed that over 70% would rather work in IT enterprise cybersecurity than industrial security. Globally, over 75% of IT security pros said they prefer enterprise cybersecurity to industrial cybersecurity.

FBI Shuts Down Hacker Platform, Arrests Administrator
2020-03-25 16:30

The Federal Bureau of Investigation recently took down a Russian-based online platform where various cybercrime products and services were being sold, the Department of Justice announced on Tuesday. In addition to shutting down the platform, the FBI arrested its suspected administrator, alleged Russian hacker Kirill Victorovich Firsov.

Apple Patches Code Execution Vulnerabilities Across Product Portfolio
2020-03-25 16:09

Security patches released this week by Apple for many of its products address a variety of vulnerabilities, including multiple issues that could lead to arbitrary code execution on the affected devices. The patched flaws could result in the execution of arbitrary code with system or kernel privileges, leak of kernel memory, privilege escalation, leak of sensitive information, disclosure of restricted memory, or code signing bypass.

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
2020-03-25 15:57

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices revealed as a zero-day then patched earlier this year.

Tupperware-dot-com has a live credit card skimmer on its payment page, warns Malwarebytes
2020-03-25 15:50

Infosec firm Malwarebytes, which made the discovery, has gone public with its findings today after alleging Tupperware ignored attempts to alert it and to get the malware removed from its payment processing pages. "On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered," said Malwarebytes in a statement.

GE Employees Lit Up with Sensitive Doc Breach
2020-03-25 15:38

A phisher's treasure chest of personally identifiable information for General Electric employees has been exposed - thanks to the compromise of one of the company's partners, Canon Business Process Services. The impact of the breach affects current and former GE employees and beneficiaries entitled to benefits, the conglomerate said.

China's APT41 Exploited Citrix, Cisco, ManageEngine Flaws in Global Campaign
2020-03-25 14:12

A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday. "It's unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature," FireEye said.

TrickBot App Bypasses Non-SMS Banking 2FA
2020-03-25 13:12

The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication security method used by banks - by fooling its victims into downloading a malicious Android app. Researchers first discovered the mobile app after a September 2019 tweet by CERT-Bund flagging TrickBot using man-in-the-browser techniques.

Windows has a zero-day that won’t be patched for weeks
2020-03-25 13:03

The Remote Code Execution vulnerabilities affect Adobe Type Manager Library, the part of Windows that manages PostScript Type 1 fonts. Importantly the same danger would arise even if users viewed that document using the Windows File Explorer file manager preview features.