Security News > 2020

Two of these vulnerabilities are under active attack. The first of two flaws under attack is a critical vulnerability that exists in the migration tool component of Apex One and OfficeScan.

Ransomware attacks are still happening, and more employees need to be trained on how to prevent them. TechRepublic's Karen Roby spoke with Rahul Kashyap, president and CEO of Awake Security, about the prevalence of ransomware and how to prevent it.

Ransomware attacks are still happening, and more employees need to be trained on how to prevent them.

The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.

Researchers from Cybereason Nocturnus have been tracking the rise and variety of such attacks, which now include phishing, fake apps and ransomware. Beyond phishing, criminals have targeted home workers with fake apps offering coronavirus information, and false VPNs taking advantage of corporate advice to stay home and use VPNs. Reason Labs' Shai Alfasi found a fake 'coronavirus map' offering information on the spread of the pandemic, but hiding an AZORult-related infostealer.

The Cyberspace Solarium Commission is a modern iteration of Eisenhower's original 1953 Project Solarium. "Technological change is outpacing the U.S. government's ability to adapt," notes the CSC. As Tom Gann, chief public policy officer at McAfee comments, "Cybersecurity is everyone's responsibility. No one industry, sector, government or individual can adequately address the cyber challenges we face from nation-state actors and other adversaries. The Solarium Commission rightly notes that turning the tide on cyber threats must involve federal, state, local and tribal governments as well as industry, academia and individuals."

Threat intelligence provider Sixgill has announced a new product that allows organizations to integrate a real-time, actionable dark web data feed into any security platform. The newly introduced Darkfeed contains a list of malicious indicators of compromise such as domains, file hashes, and IP addresses that have been extracted from the dark web.

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. A total of 13 flaws were patched in Acrobat and Reader for Windows and macOS, nine of which are rated critical severity, leading to arbitrary code execution in the context of the current user.

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console or Horizon Client are installed. The vulnerability, tracked as CVE-2020-3950 and classified as high severity, is related to the improper use of setuid binaries, and it impacts Fusion 11.x, VMRC 11.x and prior, and Horizon Client 5.x and prior.

Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Did you know that you are actually in control of what personal information people see when you create or share content within the Google ecosystem, such as YouTube and Google Drive? If you're serious about your privacy, this is something you should certainly want to take control of.