
Trend Micro fixes two actively exploited zero-days in enterprise products
2020-03-18 12:58

Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the latest software versions as soon as possible. CVE-2020-8467 is a critical flaw in the migration tool component of the two solutions that could allow remote attackers to execute arbitrary code on affected installations.

The Insecurity of WordPress and Apache Struts
2020-03-18 12:45

A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.

VMware patches virtualisation bugs
2020-03-18 12:38

Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines. VMware made its name offering server virtualisation products that recreate server hardware in software, allowing admins to run many virtual servers on the same physical box at once.

Uber to file federal suit against LA over users’ real-time location data
2020-03-18 12:25

Uber is poised to file a federal lawsuit over what the company considers to be Los Angeles's privacy-invading demands for real-time location data of its users. This isn't an answer - LADOT hasn't been able to give one - but in general, LA wants the data for a new data standard called the Mobility Data Specification.

DDoS attack on US Health agency part of coordinated campaign
2020-03-18 11:54

DDoS attacks come in different sizes and types and it's not been revealed which methods were used beyond the fact the attacks lasted for hours. These days, DDoS attacks are not the potent weapon they once were, primarily because large websites are protected by a newer generation of defences trained on a number of large attacks, hijacking a widening range of protocols.

Small business loans app blamed as 500,000 financial records leak out of ... you guessed it, an open S3 bucket
2020-03-18 11:30

A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA Wizard, developed jointly by Advantage Capital Funding and Argus Capital Funding back in 2018.

Human traffickers use social media oversharing to gain victims’ trust
2020-03-18 10:57

On Monday, the FBI's online crime division - the Internet Crime Complaint Center - issued a warning that human traffickers are increasingly using online platforms, including popular social media and dating platforms, to recruit and to advertise sex trafficking victims. Human trafficking victims are beaten, starved, deceived, and forced into sex work or agricultural, domestic, restaurant, or factory jobs with little to no pay.

SoftIron HyperSwitch: Built to maximize the flexibility of an open source network OS
2020-03-18 10:21

SoftIron, the leader in purpose-built and performance-optimized data center appliances, announced the availability of the HyperSwitch, its next-generation top-of-rack switch built to maximize the performance and flexibility of SONiC, an open source network operating system built by Microsoft for scale-out performance networking. HyperSwitch units add power and extensibility by including an AMD EPYC Embedded 3000 Processor that can be used flexibly by network operators for network security applications such as firewalls, or for dedicated storage managers, and virtually any other software desired for custom networking operations.

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
2020-03-18 10:04

Cybersecurity firm Cynet today revealed new data showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has also shared a few ways to best prepare for the Coronavirus-derived threat landscape and provides a solution to protect employees who are working from home with their personal computers because of the Coronavirus.
