Security News > 2020

WordPress and Apache Struts weaponized vulnerabilities on the rise
2020-03-17 05:30

Among the report's key findings, total framework vulnerabilities in 2019 went down but the weaponization rate went up, WordPress and Apache Struts had the most weaponized vulnerabilities, and input validation surpassed cross-site scripting as the most weaponized weakness in the frameworks examined. "Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches. Meanwhile, upgrading frameworks can be risky because changes can affect the behavior, appearance, or inherent security of applications," said Srinivas Mukkamala, CEO of RiskSense.

Unplanned work makes it hard to deliver digital transformation
2020-03-17 05:00

Time-critical, unplanned work caused by IT disruptions continues to plague enterprises around the world, leading to lost revenue, significant employee morale problems and missed opportunities to innovate. More than 81% of respondents agreed that urgent, unplanned work keeps their company from focusing on key objectives.

Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream
2020-03-17 04:57

Cybersecurity firm Check Point Research, in a report shared with The Hacker News, uncovered the digital trail of a Nigerian cybercriminal who went by the name of "Dton" and targeted hundreds of thousands of people under the moniker of "Bill Henry" by sending them malicious emails with custom-built malware. A multi-stage criminal scheme: the operation began with Dton buying stolen credit card details from Ferrum Shop, an online marketplace that sells over 2.5 million stolen credit card credentials, and then charging them $550 each to fraudulently net more than $100,000 in illicit transactions.

Coronavirus: You don’t get a pass when it comes to cybersecurity
2020-03-17 04:30

As the American Bar Association's Cybersecurity Handbook puts it: "If a client's disaster recovery plans cannot pass the 'Hurricane Sandy test,' such plans might also fail if cyber incidents caused prolonged disruptions." With the uncertainty of COVID-19, most companies have deployed employee travel restrictions.

Guide: Supplier CCPA readiness for security and IT teams
2020-03-17 04:00

It's important for security and IT professionals to understand how the California Consumer Privacy Act will affect how they do their jobs. Businesses that fail to comply with CCPA could face penalties of up to $7,500 per violation and individuals can seek damages through a class action.

(ISC)2 initiates search for next CEO
2020-03-17 03:30

(ISC)2 - the world's largest nonprofit membership association of certified cybersecurity professionals - announced that David Shearer, CISSP, the association's current CEO, will step down at the end of 2020 after serving in the role since 2015. The (ISC)2 Board of Directors has initiated a CEO recruitment search to identify an experienced leader to succeed Shearer and guide the organization on a path of continued growth as demand for certified cybersecurity professionals continues to grow exponentially worldwide.

Stellar Cyber’s new Entity Behavior Analytics app delivers unified view of all assets and their risk levels
2020-03-17 03:00

Security provider Stellar Cyber, with the first Open-XDR security platform, announced the latest addition to its Starlight platform's built-in App Store, a new Entity Behavior Analytics app. It provides a unified view of all assets across networks, endpoints and cloud environments by assigning a risk score to each asset based on observed security events and related risk profiles.

Vimeo freezes accounts after malware hunts for logins, coronavirus map app infected with evil code, and more
2020-03-17 01:53

The intruders swiped, from staff email accounts no less, customer info including names and addresses; Social Security numbers; government-issued ID, such as passport numbers and driver's license numbers; credit card and financial account information; and health-related information. Vimeo says account info taken from infected user PCs. Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft.

FiberLight chosen as the lit network service provider of choice by Nextlink Internet
2020-03-17 01:00

FiberLight, a fiber infrastructure provider with more than 20 years of construction experience building mission-critical, high-bandwidth networks, announces that it has been chosen as the lit network service provider of choice by Nextlink Internet across its Texas network. Nextlink had an existing 10GB network ring in place through FiberLight, but the company needed to expand its network infrastructure with 70 additional fiber-fed towers.