Security News
Cybersecurity researchers have warned of a publicly available, fully functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager version 7.2.
About 4,000 stolen files from the Scottish Environmental Protection Agency have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out. SEPA had, quite correctly, refused to pay the extortionists to prevent disclosure.
A London ad agency that counts Atlantic Records, Suzuki, and Penguin Random House among its clients has had its files dumped online by a ransomware gang, The Register can reveal. In the same accounts filed with UK register Companies House, it boasted of its position as the "Largest independently owned media agency in the UK by a significant factor", making it a juicy target for the Clop ransomware extortionists.
The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Microsoft Edge 88 is rolling out to users in the Stable channel alongside some new privacy-focused features, including a long-awaited credentials monitor and a built-in password generator.
It turns out people are more concerned about being hacked than about acts of physical violence such as being murdered or mugged, according to a recent Atlas VPN post. Overall, nearly three-quarters of respondents said they worry frequently or occasionally about having their "Personal, credit card, or financial information stolen by computer hackers," while 12% of respondents said they never worry about this scenario.
A report from NordVPN finds disagreement on which political leader does better on privacy issues, whether disinformation should be banned, and what the biggest cyberthreat is. VPN service provider NordVPN has released the results of a Politics and Digital Privacy Study conducted on US citizens, finding party line divisions on many issues, but general agreement on others, such as whether Big Tech should be liable for its use of personal data or whether a policy similar to the proposed EU Digital Services Act should be enacted in the US. The study surveyed 1,000 American adults and focused on questions about privacy issues and disinformation on the internet with the aim of determining opinions on who should regulate those issues in the American market.
Here's our latest Naked Security Live talk, where we discuss the tips in our article "Home schooling - how to stay secure". Even if you don't have school-age children, or aren't living in a region where schools are currently closed, the video contains a wide range of advice that will help you stay secure at home anyway.
(ISC)² announced it will offer an online proctoring pilot test for its entire portfolio of cybersecurity certifications, including the renowned CISSP. Administered exclusively through Pearson VUE, this pilot program will assess the viability and future availability of online proctoring for (ISC)² certification examinations. "In the wake of COVID-19, (ISC)² has spent considerable time and effort to ensure the integrity of our exam process while taking into consideration that many candidates are facing extraordinary uncertainty and restrictions due to the pandemic," said Dr. Casey Marks, chief product officer and vice president, (ISC)².
The European Medicines Agency today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. "The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access."
In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard's business with Hamas.