Security News > 2020

Cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses, according to RiskIQ. After extensive analysis of past ransomware attacks during global epidemics and current phishing campaigns leveraging the coronavirus, threat actors will eventually begin using ransomware against victims they infect with the AZORult and Emotet varieties of malware. Clicking on malicious links is necessary to execute the attacker's malware, which opens the door for ransomware infection.

Sound security budget planning and execution are essential for CIO's/CISO's success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template provide security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.

Compounding the issue is that certain operating systems and browsers use new encryption technologies - DNS over TLS and DNS over HTTPS - in the query response handshake with these unauthorized DNS services that make them harder to block. Today I'm going to talk about DNS over HTTPS misuse or abuse.

Scam robocalls and phishing emails disguised as banks continue to trick consumers to put their personal information at risk, and tax season is no exception. These tactics are particularly effective due to tax payers concerns of misfiling their taxes or accidentally running into trouble with groups like the IRS. McAfee researchers recently uncovered an example of an illegitimate IRS site created to scam unsuspecting consumers.

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.

The survey reveals that multi-cloud deployments are being driven primarily by a need to maximize availability and reliability for applications, while at the edge IoT is the top use case driving deployments. Multi-cloud deployments are threatened by security and connectivity problems due to differences between cloud providers, as well as operational challenges in managing workloads across several clouds.

Microsoft Word RCE A Remote Code Execution vulnerability in Microsoft Word is also covered in today's patch release. "We start with CVE-2020-0684, a Remote Code Execution vulnerability that exists in Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way Windows processes.LNK files. In order to exploit this vulnerability an attacker would need to trick a victim into clicking on a.LNK file to a remote share or a removable drive that contained malware."

The Ultimate Security Budget Plan & Track template is an Excel spreadsheet that comes pre-packaged with the required formulas to continuously measure, on a monthly basis, the planned and actual security investments, providing immediate visibility into any mismatch between the two. Products - Already deployed as well as planned projects for the coming year.

Arista Networks announced an optical line system in an OSFP module form factor. The Arista OSFP-LS addresses the needs of Tier2 Cloud and Internet Service Providers for high bandwidth links that are easy to deploy and operate.