
The Web’s Bot Containment Unit Needs Your Help
2020-03-16 12:55

Shadowserver provides free daily live feeds of information about systems that are either infected with bot malware or are in danger of being infected to more than 4,600 ISPs and to 107 national computer emergency response teams in 136 countries. Last week, Shadowserver was instrumental in helping Microsoft kneecap the Necurs malware network, one of the world's largest spam and malware botnets.

Fake Covid-19 tracker app delivers ransomware, disinformation abounds
2020-03-16 12:01

The latest scheme includes a malicious Android tracker app that supposedly allows users to keep an eye on the spread of the virus, but locks victims' phones and demands money to unlock them. The DomainTools security research team is warning about a malicious domain it discovered distributing a fake Coronavirus outbreak tracker app, which will purportedly provide users tracking and statistical information about Covid-19 and heatmap visuals.

Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
2020-03-16 11:58

In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days. That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.

Report calls for web pre-screening to end UK’s child abuse ‘explosion’
2020-03-16 11:57

A UK inquiry into child sexual abuse facilitated by the internet has recommended that the government require apps to pre-screen images before publishing them, in order to tackle "an explosion" in images of child sex abuse. The imagery isn't only "depraved"; it's also easy to get to, the inquiry said, referring to research from the National Crime Agency that found that you can find child exploitation images within three clicks when using mainstream search engines.

Open source bugs have soared in the past year
2020-03-16 10:55

Open source bugs have skyrocketed in the last year, according to a report from open source licence management and security software vendor WhiteSource. The number of open source bugs sat steady at just over 4,000 in 2017 and 2018, the report said, having more than doubled the number of bugs from pre-2017 figures that had never before broken the 2,000 mark.

Senate bill would ban TikTok from government phones
2020-03-16 10:26

As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.

Many Backdoors Found in Zyxel CloudCNM SecuManager Software
2020-03-16 10:20

Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel's CloudCNM SecuManager network management software. Zyxel CloudCNM SecuManager provides a console that organizations can use to monitor and manage their security gateways, including on internal and global networks.

Monday review – the hot 23 stories of the week
2020-03-16 09:56

Amazon and eBay shopper data was exposed, and the EARN IT act threatens end-to-end encryption. These stories and more in the weekly roundup.

How organizations can maintain a third-party risk management program from day one
2020-03-16 06:30

In this podcast recorded at RSA Conference 2020, Sean Cronin, CEO of ProcessUnity, talks about the importance of third-party risk management and how companies can get started with a proven process that works. Our flagship product is a vendor risk management product that really focuses on third-party risk and vendor management.

Phishing is a huge concern among security decision-makers and influencers
2020-03-16 06:00

A serious disconnect exists between how decision makers and security practitioners perceive phishing prevention, according to research by Ironscales. Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.