Security News

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. "CISA is aware of multiple cases where the Fortinet FortiOS SSL VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks," explained Homeland Security's Cybersecurity and Infrastructure Security Agency in its advisory.

Two US government tentacles this week snared John McAfee, accusing the one-time antivirus mogul of tax evasion and breaking securities law. McAfee was cuffed in Spain, and is awaiting extradition to the US. McAfee is set to face trial on ten criminal charges of tax evasion and willful failure to file tax returns, brought by the Dept of Justice.

The H-1B One Workforce Grant Program will give up to 30 grants to training organizations to upskill US citizens for "Middle to high-skilled H-1B occupations... including information technology and cyber security" and so "Train a new generation of workers to grow the future workforce." The announcement comes one week before new restrictive visa rules are due to take effect that will greatly reduce the number of foreign workers that will be admitted to the US through the H-1B work visa.

For two years, IBM has been deploying confidential computing capabilities in the IBM Cloud and Rohit Badlaney, vice president of IBM Z Hybrid Cloud, said it is the only public cloud with "Production-ready confidential computing capabilities able to protect data, applications and processes." IBM's platform is now used in heavily regulated industries like healthcare and banking, with high profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities.

Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today. In his keynote address to the now-virtual infosec confab, Georgetown Professor Matt Blaze said election officials will likely have to deal with a larger-than-normal number of citizens voting by mail, rather than in person, and all that entails, as people are encouraged to socially distance and stay away from crowds to curb the COVID-19 virus outbreak.

The Valak information stealer is being distributed in ongoing campaigns aimed at enterprises in North America, South America, Europe and likely other regions as well, Cisco Talos reports. What makes Valak stand out in the crowd is the use of stolen email threads for distribution, which increases the likelihood of the victim opening the delivered attachments.

Nutanix announced that it has appointed Christian Goffi as Vice President, Americas Channel Sales, where he will lead Nutanix's Americas Channel team. "I'm thrilled to be joining Nutanix, a company I've admired for its innovative hyperconverged infrastructure, cloud solutions, and customer-first approach," said Christian Goffi, Vice President of Americas Channel Sales at Nutanix.

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

"Tom is a respected and recognized leader in the cyber insurance industry with a strong acumen in underwriting and a solid presence within the broker community," said Schiavone. "His strategic and managerial expertise will be critical as we expand our cyber presence in North America."

Congress has been urged to introduce a measure that would require the FBI to get a warrant before agents can review Americans' internet browsing and search histories - just days after an amendment to do that fell by one vote in the Senate. Some new powers were also granted to law enforcement, including the ability to demand the browsing and search histories of citizens without needing to prove their case to a judge, which has serious privacy implications.