Stolen data of company that refused REvil ransom payment now on sale
2020-03-23 12:29

Operators of the Sodinokibi Ransomware as a Service recently published over 12GB of data that allegedly belongs to one of its victims - Brooks International - that refused to pay ransom. Sodinokibi - a GandCrab derivative blamed for numerous attacks that took place last year - is a prime example of RaaS. BleepingComputer shared a screengrab of one such hacker forum post that showed a member advertising a link to the stolen data for 8 credits: that's worth about €2.

Firefox is dropping FTP support
2020-03-23 12:18

Firefox Extended Support Release will continue to have FTP turned on by default in ESR version 78. A part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past.

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
2020-03-23 12:18

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system, including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets
2020-03-23 11:56

A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can't, to stop using the devices altogether or to put them behind network firewalls.

Hacking Voice Assistants with Ultrasonic Waves
2020-03-23 11:19

I previously wrote about hacking voice assistants with lasers. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

Monday review – the hot 23 stories of the week
2020-03-23 09:55

From the EARN IT Act to the Martinelli hoax - and everything in between. It’s your weekly security roundup.

It's time to track people's smartphones to ensure they self-isolate during this global pandemic, says WHO boffin
2020-03-23 08:33

That's according to Professor Marylouise McLaws, a technical adviser to the World Health Organization's Infection Prevention and Control Global Unit. McLaws - a professor at the University of New South Wales' School of Public Health and Community Medicine in Australia, and a member of European, US and UK epidemiology and infection control bodies - told The Register tracking played a key role in nations that were able to flatten the exponential curve of COVID-19 cases - particularly Singapore, Taiwan and South Korea.

No, the head of the World Health Organization has not emailed you – it's a message laced with malware
2020-03-23 07:02

As happens every time there is a major news event, scumbags exploit the public's interest to spread malware. This time, criminals have picked on the World Health Organization's handling of the global COVID-19 coronavirus pandemic.

Crowdsourced pentesting is not without its issues
2020-03-23 06:00

Is crowdsourced security really a panacea to the ills of traditional pentesting or does it create more issues? Before we tackle this let's cover what the issues of traditional pentesting actually are. A tactical solution to this has been to "Cycle" pentesting suppliers each year but - the pentesting pool of talent being so small and specialized - I've witnessed companies ending up with the same pentester two years in a row, but now working for a different company!

Personal data protection today: We should demand more
2020-03-23 05:30

From Marriott to Facebook, the biggest data breaches in 2019 were the result of careless handling of customer data. IBM's 2019 Cost of a Data Breach Report found that data breaches on average cost organizations $3.92 million per incident.