Tuesday, March 31, 2020
SecurityWeek

Internet Society Expands Program for Secure Internet Routing Framework

CDNs and Cloud Providers Join Initiative to Improve Security of Internet's Routing System Failure in internet routing security leads to major outages, stolen data, hijacking, lost revenue and more, with more than 12,000 routing outages in 2018 alone. The Mutually...
SecurityWeek

Palo Alto Networks to Acquire CloudGenix for $420 Million

Palo Alto Networks on Tuesday announced that it has entered into a definitive agreement to acquire enterprise SD-WAN solutions provider CloudGenix for roughly $420 million. Palo Alto Networks’ Prisma Access solution enables organizations to protect remote networks and mobile users,...
SecurityWeek

FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns. read more
SecurityWeek

CISOs Suffering From Increasingly Complex Workload: Cisco

Growing Complexity of Managing Enterprise Cybersecurity is Increasing CISO Fatigue and Burnout A CISO's life is complex, with business transformation, cloud adoption, working from home and use of mobile devices, and sometimes just too many solutions. Many see automation and...
SecurityWeek

New Marriott Data Breach Impacts Up to 5.2 Million Guests

Marriott on Tuesday disclosed a new data breach that could impact up to 5.2 million of its guests. The incident is related to an internal application used by Marriott hotels. read more
SecurityWeek

Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks

Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric’s Modicon programmable logic controllers (PLCs), but it’s believed that products from other vendors could also be vulnerable to the same type of attack. read more
SecurityWeek

Retooling Cyber Ranges

Cloud-based Cyber Ranges Will Change the Future of Training and Certifying Security and DevOps Professionals read more
SecurityWeek

Zoom Updates Privacy Policy After Experts Raise Concerns

Remote conferencing services provider Zoom this week updated its privacy policy following the publishing of a series of reports raising concerns regarding the privacy of Zoom users. Headquartered in San Jose, California, Zoom provides users with a platform that combines...
SecurityWeek

Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks

Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered. read more
SecurityWeek

State-Backed Players Join Pandemic Cyber Crime Attacks

Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirous pandemic and posing an “advanced persistent threat" (APT), French defence technology giant Thales warned Monday. read more
SecurityWeek

Microsoft to Add Compromised Password Notification to Edge

Microsoft on Monday announced several new features for its Edge web browser, including one that will alert users if the credentials they have saved to autofill have been compromised as a result of a third-party data breach. read more
SecurityWeek

FBI: Cybercriminals Mailing Malicious USB Devices to Victims

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. read more
SecurityWeek

Zettaset Launches Software-Defined Encryption for Kubernetes Environments

Kubernetes-specialist Zettaset has introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance. read more
SecurityWeek

Corporate Workers Warned of ‘COVID-19 Payment’ Emails Delivering Banking Trojan

IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. read more
SecurityWeek

Utah Investigating Hacking of Candidate’s Virtual Event

The Utah Attorney General’s Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs on Thursday. read more
SecurityWeek

Vulnerabilities in DrayTek Enterprise Routers Exploited in Attacks

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. DrayTek is a Taiwan-based manufacturer of networking equipment, including routers, firewalls, broadband customer premises equipment...
SecurityWeek

Privacy Rights May Become Next Victim of Killer Pandemic

Digital surveillance and smartphone technology may prove helpful in containing the coronavirus pandemic -- but some activists fear this could mean lasting harm to privacy and digital rights. read more
SecurityWeek

Europol: Criminals Exploit Virus Crisis as Fresh Opportunity

Criminals are preying on a fearful public and disrupting the provision of medical care during the coronavirus pandemic by selling counterfeit products, impersonating health workers and hacking computers as many citizens do their jobs online at home, European law...
SecurityWeek

Google Sees Drop in Government-Backed Phishing Attempts

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. read more

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...