Security News > 2020
New Threat With An Old Malware Component The latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam last week and has now been analyzed by Shai Alfasi, a cybersecurity researcher at Reason Labs. AZORult malware collects information stored in web browsers, particularly cookies, browsing histories, user IDs, passwords, and even cryptocurrency keys.
Both tested positive for COVID-19 after attending RSA in San Francisco. The two Exabeam employees who were diagnosed with coronavirus after attending the RSA tech conference, which ran from Feb. 24-28 at the Moscone Center in San Francisco, are on the road to recovery.
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies. Phishing attacks try to trick unsuspecting users by mimicking well-known brands and companies.
More than half of all internet of things devices are vulnerable to medium- or high-severity attacks, meaning that enterprises are sitting on a "Ticking IoT time bomb," according to Palo Alto Networks Unit 42 research team. One big takeaway for me is that you found that more than half of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers.
Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. In a phone interview with The Register, Dan Ehrlich, security consultant with Twelve Security, said colleague Matt Porter had spotted the unprotected Whisper ElasticSearch database.
Sunnyvale, Calif-based Arctic Wolf Networks has raised $60 million in a Series D funding round led by Blue Cloud Ventures and Stereo Capital. "Arctic Wolf's approach of providing businesses with dedicated experts who know their security landscape, and a predictable pricing structure they can understand, has resonated with organizations of all sizes who are looking to better secure their data," said Brian NeSmith, CEO and co-founder of Arctic Wolf.
Match Group, the parent company of dating apps such as Tinder, on Tuesday publicly endorsed a US bill others in the tech industry fear will erode online privacy and speech in the name of fighting child abuse. US senators unveiled the bipartisan measure last week, aiming to curb images of child sex abuse by forcing tech platforms to cooperate with law enforcement on encryption or risk losing the legal immunity for what is posted on their websites.
A new report from the Deloitte Center for Government Insights surveyed ransomware attacks on local governments throughout 2019 and lays out a few tips for those faced with the tough decision of whether to pay ransoms or not. The crucial question for most local governments is whether to pay, and while it may seem like the massive cost differences between thousand-dollar ransom payments and million-dollar recovery efforts is steep, the report suggests local governments hold the fort and refrain from paying cybercriminals.
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world's most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 35 countries cracked Necur's domain generation algorithm, which is what generates random domain names to allow the botnet to distribute malware and infect victim computers around the world.
The FBI on Saturday arrested the alleged owner of Deer.io: a Russia-based marketplace for buying and selling credentials for hacked accounts siphoned off of malware-infected computers, victims' personally identifiable information, as well as financial and corporate data. Out of all the shops on Deer.io, the FBI still hasn't found a single legitimate business advertising its services and/or products, and it's been looking.