Security News > 2020

UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ransomware infecting some of its systems. Finastra has not shared any details about the attack.

Over the course of two days, hacking teams ranging from Flourescence, RedRocket CTF and Synacktiv attempted to hack Adobe's Acrobat Reader and Apple's macOS and virtualization platforms such as Oracle VirtualBox. During one hacking attempt, the Fluoroacetate team of Amat Cama and Richard Zhu, targeted Adobe Reader and then Windows with a local privilege escalation attack.

Over the course of two days, hacking teams ranging from Flourescence, RedRocket CTF and Synacktiv attempted to hack Adobe's Acrobat Reader and Apple's macOS and virtualization platforms such as Oracle VirtualBox. During one hacking attempt, the Fluoroacetate team of Amat Cama and Richard Zhu, targeted Adobe Reader and then Windows with a local privilege escalation attack.

A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage devices made by Zyxel through the exploitation of a recently patched vulnerability. Zyxel informed customers last month that some of its NAS devices and firewalls are affected by a critical vulnerability - tracked as CVE-2020-9054 - that can be exploited by a remote, unauthenticated attacker to execute arbitrary code on affected devices.

British police are saying coronavirus-related fraud reports have spiked by 400 per cent over the past six weeks as the COVID-19 illness continues its inexorable march through humanity. Although absolute numbers of reports are low, perhaps kept that way because the public now knows Action Fraud is largely useless, the National Fraud Intelligence Bureau said there were a total of 200 reports of coronavirus scams made to them since 1 February.

Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.

Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.

Justin Jett, director of audit and compliance at analytics company Plixer, said as more and more employees begin working from home, organizations are struggling to maintain network privacy and handle security issues. "Because of bandwidth capacity issues, many organizations are struggling to provide secure VPN connections for all of their remote employees. This can result in employees not using the VPN, or having a significantly poor experience as compared to when in the office. Since not all employees understand how VPNs work, some employees are bound to engage in activities, like streaming video, that drastically tax the bandwidth for all users," Jett said.

This week, Duck advises on how to keep your company safe while working remotely, Peter discusses malwareless ransomware attacks, and Mark shares the latest in the EARN IT saga. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. The Kubernetes pod security policy is a resource that controls the security of a pod specification.