Security News

Help Net Security is launching a new series of reports aimed at helping CISOs choose the right solution and vendor to meet their organization's cybersecurity needs. The topic of this inaugural report is extended detection and response, an emerging technology that has been receiving a lot of buzz in the last few years.

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 120GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the 'Ransom Disclosure Act'. Require ransomware victims to disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom;.

Security specialist ESET's latest Threat Report warns of a massive increase in attacks on Remote Desktop Protocol endpoints - and new activity from the Nobelium gang against European government organisations. ESET's figures show attacks on RDP servers having gone up 103.9 per cent since its T1 report in June - it publishes three a year - representing a total of 55 billion detected brute-force attacks, thanks in no small part to a campaign focused on Spanish targets.

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. An SEC filing by Forward Air states that the company lost $7.5 million of less than load freight revenue "Primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers."

Google said, in an August report, the number of geofence warrants the company received from law enforcement agencies jumped from 982 in 2018 to 11,554 in 2020. "Since the start of 2018, we have seen a rise in the number of search warrants in the United States that order Google to identify users, based on their Location History information, who may have been in a given area within a certain time," Google said.

A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. According to data from The World Bank, Thailand racked up almost 40 million international arrivals in 2019, a number that was on the rise every year pre-pandemic except for 2014, the year the country experienced a military coup.

Due to the coronavirus pandemic, companies around the globe quickly transitioned to remote work to mitigate the spread of COVID-19 in-house. As a result, remote workers are logging on for the virtual workday on their home networks and at times even via their personal devices, leading to new security risks.

An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords. Last month, Beyond Identity published the results of a survey highlighting password protection habits, office password "Guessing games" and more.

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.