Security News > 2020

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. Update, 5:21 p.m. ET: Finastra has acknowledged that it is battling ransomware.

Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected. The exposed data included names, addresses, email addresses, passport scans, partial payment information, order details, copyrighted publications, teacher's guides, certifications and diplomas, medical documents, floor plans, personal photos, and documents that users likely paid for, such as university course materials and diet and exercise plans.

Well, hang on to your hats, hosts: before you set up meetings, you need to know how to block the trolls. As TechCrunch reports, on Tuesday, WFH Happy Hour - a popular daily public Zoom call hosted by The Verge reporter Casey Newton and investor Hunter Walk - got ZoomBombed.

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.

Traditional network address-based security controls aren't as effective for the cloud or internal networks. Security controls based on network addresses have a long and distinguished history of success at protecting organizations, but they are also not without certain limitations.

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant - dubbed Mukashi - on Mar. 12.

Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week. Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones.

In Red Canary's 2020 Threat Detection Report, the company analyzed six million investigative leads from January 2019 to December 2019, honing in on the most prevalent cyberattack techniques faced by organizations worldwide. Malware strains like TrickBot and Emotet were widespread according to threat detection and response specialists at Red Canary.

We've already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily. "BEC attacks are often delivered in stages. The first email sent is typically innocuous, meaning that they do not contain the attacker's end goal. The attackers craft plausible scenarios in hopes the recipient will reply. Once they're on the hook, the attacker will send their true ask.," the researchers explained.

In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus' spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and storage, user consent, and surveillance will be brushed under the rug. "While facial recognition technology provides a fast and zero-contact method for identifying individuals, the technology is not without risks. Primarily, individuals scanned by facial recognition services need to be aware of how their data is being used."