Security News > 2020
Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw on Tuesday, Microsoft has rushed to release a patch. The flaw affects Windows 10 and Windows Server installations, so admins who have those in their care are urged to implement the security updates right away.
Despite recent revelations that the process by which the FBI and NSA gain approval for spying on US citizens is open to abuse, the US Congress is again planning to reauthorize the USA Freedom Act that gives those measures their legal foundation. The situation is similar to two years ago, when a group of senators fiercely opposed the reauthorization of another flawed spying program without significant reforms, but were defeated when it was attached to an end-of-year spending bill: something critics characterized as "An end-run around the Constitution."
Research from Atlas VPN found that criminals' net proceeds outpace the revenue made by tech giants each year. Cybercriminals are now making more than billion-dollar corporations, according to a new study from Atlas VPN. Researchers from the company found that cyberattacks help criminals make, in total, more than $1.5 trillion in revenue each year, which is three times the $514 billion Walmart makes annually.
Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. TC CLOUD CLIENT devices provide an industrial VPN gateway for remote maintenance via a 4G network.
Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks. The purchased company's knowledge of malicious IP addresses provides an additional source of IP threat intelligence to Auth0's anomaly detection engine, which protects Auth0 customers.
In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.
Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services for anyone to find using a search engine. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards.
Just a month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements. Firefox 74 fixes the problem by using multicast DNS with ICE to create a random ID that cloaks a computer's IP address.
Google has awarded its inaugural annual top prize for the Google Cloud Platform, for vulnerabilities found in the Google Cloud Shell. The find - a container escape that leads to host root access and the ability to use privileged containers - has earned $100,000 for Dutch researcher Wouter ter Maat.