Security News
Penetration testers were successful in breaching the network perimeter and accessing the local networks of 93% of companies, according to a recent report from the security information company Positive Technologies. The testing revealed some alarming vulnerabilities, including the fact that at 71% of companies, even an unskilled hacker was able to penetrate the internal network.
A newly released threat report, tracking the biggest trends in the cybercriminal landscape, shows that attackers have been capitalizing on the global pandemic in various ways - from ransomware to web-based malware. Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that the semi-annual FortiGuard Labs Global Threat Landscape Report for the first half of 2020, released Wednesday, illustrates an "unprecedented cyber threat landscape."
A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic, the U.N. counterterrorism chief said Thursday. Vladimir Voronkov told the U.N. Security Council that the upsurge in phishing sites was part of "a significant rise in cybercrime in recent months" reported by speakers at last month's first Virtual Counterterrorism Week at the United Nations.
Transport layer security and DNS, two of the foundational protocols of the internet, have recently undergone radical changes to protect browser user privacy. At the same time, they will reduce security on-premises in the short term, and security professionals must put tools in place in the next couple of years, a new report from Forrester Research states.
Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface. A survey of security professionals finds that hackers are getting more aggressive as IT and security teams continue their internal turf battles.
Garmin, the GPS and aviation tech specialist, reportedly negotiated with Evil Corp for a decryption key to unlock its files in the wake of a WastedLocker ransomware attack. Sources reportedly shared photos with BleepingComputer of a Garmin computer with encrypted files with the.
CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. A CWT spokesperson declined to comment on whether the ransom was paid, or any technical details of the attack, or how it was able to recover so quickly.
Nearly half of British university staff say they have received no cybersecurity training, according to a recent survey. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received "any" training in infosec matters.
SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Most ransomware scrambles the whole file, so monitoring access to the start of each file is an efficient way of spotting some, but not all, unauthorised changes.
Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year - a new record, Skybox Security reveals. Ransomware thrives during COVID-19 pandemic, with new samples increasing by 72%. Attacks on critical infrastructure, including healthcare companies and research labs, have added to chaos.