Security News > 2020

Balbix, provider of the industry's first system for cybersecurity posture transformation, announced the addition of Shelly Morales as the company's new Vice President of People. As VP of People at Balbix, Morales will provide innovative leadership over the global HR department, leading organizational culture initiatives, employee engagement programs and talent acquisition to drive company performance.

Late last week, researchers at network intelligence company DomainTools warned about an Android malware sample that caught our attention. Like many other cyberthreats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID 19 TRACKER. The website promoting the app offers to "Track Real-Time Coronavirus Outbreak in your Street, City and State", and says it will "Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries."

A little more than a week after forgoing March's Patch Tuesday hullabaloo, Adobe has emitted fixes for dozens of security flaws in its applications. The ever-vulnerable Reader and Acrobat on Windows and macOS require patching for 13 CVE-listed holes, nine of which can be exploited to gain malicious code execution on vulnerable machines.

Kristin Del Rosso and other threat researchers with cybersecurity company Lookout have found a new kind of coronavirus cyberattack designed to spread potentially malicious Android applications that appear to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals. At least three new apps related to coronavirus have been created using the same infrastructure as those applications and the Lookout investigation discovered that they can be traced back to IP addresses operated by Libyan Telecom and Technology, a consumer internet service provider.

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 - while input-validation bugs edged out cross-site scripting as the most-weaponized weakness type. The firm found that WordPress and Apache Struts alone accounted for a combined 57 percent of exploited framework bugs during the year.

UPDATE. Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. According to CyberArk, it found the bug in September and Microsoft "Unintentionally" fixed it within two weeks as part of a regular update to its Azure platform.

Under the strain of the COVID-19 global pandemic, we're seeing a great number of people rise up to help others. People working from home depend on Wi-Fi routers that may not be secure;.

Released on Wednesday, Radware's report Coronavirus: Security Recommendations For Remote Access Threats explains how to safeguard your organization against remote access threats. VPNs. Remote workers rely on VPNs to gain secure access to an employer's network.

In its blog post released Tuesday, A Life of Cybercrime: The Inside Story of How a Nigerian Hacker Earned over $100,000, Check Point told the tale of a man referred to as "Dton." Single, 25 years of age, and a resident of Benin City in Southern Nigeria, Dton seems like a model citizen on the surface. Active for more than seven years, Dton has managed to rake in at least $100,000 from his illegal trade and likely several times that amount-a substantial income in light of the minimum wage and average salary in Nigeria, according to Check Point.

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a "High severity" rating. The high-severity vulnerabilities - all of them reported to Cisco by Orange Group - are caused by insufficient input validation.