Security News > 2020

The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro. A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.

The developers of the Drupal content management system announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. Drupal uses CKEditor and it has decided to update it to version 4.14, which patches two cross-site scripting vulnerabilities affecting earlier versions of the library.

In Mimecast's Threat Intelligence Report RSA Conference Edition 2020, the security company reported a 145% increase in malware attacks in the last quarter of 2019. In the 2019 Cloud App Security Roundup, Trend Micro reported that the company detected almost a million instances of malware.

Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point. Two ways that bad actors are taking advantage of the crisis is through coronavirus domain names and sales on the dark web, as described in a blog post published Thursday by Check Point Security.

Join Today The coronavirus may put organizations at risk through short staffing or unavailable workers and services, but disaster recovery and business continuity plans can help sustain business operations. The need for a disaster recovery business continuity plan is becoming more critical as the enterprise adjusts to the business disruptions caused by the coronavirus.

The National Institute for Standards and Technology has published the draft version of SP 800-53: Security and Privacy Controls for Information Systems and Organizations. The publication provides a catalog of security and privacy controls that will help protect organizational operations and assets.

Every network administrator needs to know how to listen to port traffic on a server. So you have a Linux server up and running, but you either suspect there might be some nefarious traffic coming in, or you just want to know what's going on at all times with this new machine.

Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Find out how.

If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. The three flaws are located in various Cisco hardware and software products running the company's SD-WAN software earlier than Release 19.2.2.

For years, the EFF has been saying that developing algorithms that the FBI and law enforcement can use to identify similar tattoos from images - similar to how automated facial recognition systems work - raises significant First Amendment questions. UNICAMP also said that its researcher - Prof. Léo Pini Magalhãe - is adding to the dataset by grabbing images of tattoos from the web: a practice that the EFF noted has increasingly come under fire from Congress in light of the Clearview AI face recognition scandal.