Month: December 2020
Non-profit yang didirikan oleh Gates Foundation menderita eksposur besar dari catatan siswa
31 December 2020Dapatkan Schooling, yang berbasis di New York amal menderita data paparan yang meninggalkan catatan yang terkait dengan ratusan ribu siswa yang tidak aman AWS ember yang terbuka dan dapat diakses dari internet. Pemaparan pertama kali diidentifikasi oleh TurgenSec, sebuah perusahaan keamanan yang berbasis di Inggris, yang menerima pengajuan dari anonim pihak ketiga yang berisi data […]
Read More
Financial services industry hit with tens of millions of attacks per day
31 December 2020During the past year the financial services industry was hit with millions or tens of millions of attacks per day. (Uris English Wikipedia/CC BY-SA 3.0) In an update of its State of the Internet report, Akamai found that in the past year the financial services industry was hit with millions or tens of millions of […]
Read More
The 2020 SolarWinds reality check: As cleanup continues, community considers implications
31 December 2020What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December, despite the alarming realization that the SolarWinds supply chain hacking took place months before. Cybersecurity experts predict years of clean up, both physical and political, from the infiltration attributed to Russia, which pushed malicious updates for the […]
Read More
Ticketmaster fined $10 million in corporate espionage scheme
31 December 2020The Department of Justice announced Wednesday Ticketmaster would pay a $10 million fine as part of a differed prosecution agreement for using an employee’s login credentials to his former employer’s computer systems to garner information on the competitor. Zeeshan Zaidi, the former head of artist services at Ticketmaster, pled guilty to conspiring to commit computer […]
Read More
2021 strategy predictions: Shifts in business models, shifts in security priorities
30 December 2020As companies of all sizes prepare for more challenges tied to the pandemic, as well as an expected transition to a permanent hybrid workforce, security plans will need to adapt. So what kind of strategic shifts might we see in 2021? More sophisticated phishing campaigns will probably mean enhanced email security. Digital identities may grow […]
Read More
Kawasaki Heavy Industries, a partner of defense companies and agencies, reports breach
29 December 2020Kawasaki Kobe Shipyard in Japan. (663highland/CC BY-SA 3.0) Some information from the overseas offices of Kawasaki Heavy Industries may have been leaked as a result of a breach, announced the manufacturer, which counts Boeing and the Japanese Defense Ministry among its customers. A Kawasaki announcement said the scope of the unauthorized access spanned multiple domestic […]
Read More
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
29 December 2020Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 […]
Read More
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
29 December 2020Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of […]
Read More
Data questions remain as UK exits EU
28 December 2020Last week’s Brexit deal solidifies the terms under which the United Kingdom will leave the EU. But the issue of data transfers remains open, with great potential for confusion among privacy officers around the globe. European privacy laws prohibit the transfer of personal information outside the Union without guarantees that the data will be held […]
Read More
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
27 December 2020An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from a security […]
Read More