Security News

A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots. According to a report in the Gainesville Times, the attack also disabled the county's voter signature database.

SecurityScorecard released a report earlier this month that looked through the overall cybersecurity posture of all 56 US states and territories leading up to the presidential election. The study found that 75% of all states and territories had IT infrastructures that are vulnerable to a variety of cyberattacks.

There is a new report on police decryption capabilities: specifically, mobile device forensic tools. This report documents the widespread adoption of MDFTs by law enforcement in the United States.

Cisco has released two studies examining how workers feel about the current state of play when it comes to remote work security and data privacy, finding that thousands around the world are increasingly concerned about how their employers are handling the massive societal changes that have occurred over the last six months. "Cisco's latest privacy research highlights that people care deeply about protecting their data, and many have stopped doing business with companies due to data privacy concerns," said Brad Arkin, senior vice president and chief security and trust officer at Cisco.

An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation. VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations.

Clop and the group's signature malware has struck again - this time hitting a giant target in the form of German software conglomerate Software AG. The company isn't paying a mammoth $23 million ransom, and over the weekend it confirmed that the crooks were releasing company data, according to reports. The company released a statement on October 5 publicly announcing the attack, adding, "While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company's internal security regulations," the statement read. But that assessment turned out to be prematurely rosy.

A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military's Cyber Command. On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers.

Adobe is suffering a 'major' outage that prevents users from logging in to Creative Cloud or accessing their subscribed applications or stored data. Since approximately 9:30 a.m EST, Adobe Creative Cloud users have reported difficulty logging into the service or accessing saved images and data.

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge IoT-focused research program. Azure Sphere Security Research Challenge is a 3-month expansion to the Azure Security Lab bounty program Microsoft announced last year at Black Hat 2019.

APIsec provides a 100% automated and continuous API security testing platform that eliminates the need for expensive, infrequent, manual pen-testing. "Our customers love the comprehensive security test coverage APIsec provides out of the box, and they wanted to stop hiring expensive, time-consuming outside firms for penetration testing reports," said Intesar Shannan Mohammed, CTO of APIsec.