Security News > 2020

Axis Security, a company that specializes in private application access, emerged from stealth mode on Tuesday with $17 million in funding. The company provides a software-as-a-service solution named Application Access Cloud that is advertised as an alternative to VPN. "VPNs can be complex, slow to deploy, hard to manage and inflexible, especially when it comes to providing access to third-party supply chain partners, vendors, contractors, and remote employees," Axis Security said.

Handling internal security for an organization is tough enough, but when you must also deal with a soaring remote workforce, the security demands can become even more difficult. What are some of the security challenges involved with remote workers, and how can you ensure that your organization stays strong and protected against cyberthreats during this time? Here are the thoughts and recommendations of several security experts.

The Trump administration has ordered hundreds of thousands of federal employees to be prepared to work from home full time and use VPNs to connect to government systems. Many security analysts said these VPNs are designed for a small percentage of employees and not the thousands who will now need to access them repeatedly throughout the work day.

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims' browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. Once victims click on the attached malicious document and enable macros, the Crimson RAT is dropped.

Twenty-four individuals were arrested for laundering funds illegally obtained via business email compromise, romance, and retirement account scams targeting victims across the United States. The large-scale fraud operation facilitated by the arrested individuals has caused losses of more than $30 million, the Department of Justice has revealed.

A most entertaining piece of threat research from Check Point gives a unique insight into the "Working" life of a Nigerian email spammer who made thousands of dollars from stolen credit cards alone in recent years. Behind that facade of respectability, "Dton" was in fact an email spammer - a spammer working as part of a Nigerian cybercrime syndicate that generates its ill-gotten gains through buying and using stolen credit card details.

The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found. A new type of ransomware known as CovidLock encrypts key data on an Android device and denies access to the victims unless they pay up, according to the threat intelligence firm DomainTools.

In most cases of human-operated ransomware attacks against enterprises, the hackers don't trigger the malware immediately: according to FireEye researchers, in most of cases, at least three days passed between the first evidence of malicious activity and ransomware deployment. What are the attackers waiting for? One of the reasons for the delay is the wish to spread the ransomware to many systems before running it.

Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0 is causing problems. Microsoft released an out-of-band update for Windows 10 and Windows Server on March 12 to fix CVE-2020-0796, a vulnerability that can allow an unauthenticated attacker to execute arbitrary code on SMB servers and clients.

Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.