Security News > 2020

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.

A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports. Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.

Making better cloud infrastructure deployment choices upfront - and a shift from DevOps teams to DevSecOps - will help businesses better secure information, said Olson. We've been expanding new directions, writing reports about cloud vulnerabilities, cloud threats, IoT vulnerabilities and IoT threats, all sorts of stuff.

Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.

Much of the US healthcare system is running on outdated software and unsupported operating systems, such as Windows 7, leaving devices vulnerable to hackers actively exploiting the coronavirus. Atlas based part of its findings on a Palo Alto Networks survey of 1.2 million Internet of Things devices used in thousands of healthcare organizations across the US. Palo's survey found that 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January of this year.

The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying. The 13-page study, "Top Cybersecurity Threats on Enterprise Networks," which was performed using advanced network traffic analysis tools, found that 97% of the surveyed companies show evidence of suspicious activity in their network traffic and that 81% of the companies were being subject to malicious activity.

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. The security of virtual meetings might often be an afterthought, but basic precautions can ensure that they don't lead to data breaches or other security incidents, says Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology.

Cryptojacking may not be entirely dead following the shutdown of a notorious cryptomining service, but it isn't very healthy, according to a paper released this week. Coinhive provided Monero cryptomining scripts for use on websites, retaining 30% of the funds for itself.

A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company's intellectual property. Kight accessed computer networks and servers of multiple companies and organizations in Georgia without authorization, prosecutors said.

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete. VMware informed customers on March 17 that Fusion, Remote Console and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries.