Month: December 2020

Non-profit yang didirikan oleh Gates Foundation menderita eksposur besar dari catatan siswa

31 December 2020

Dapatkan Schooling, yang berbasis di New York amal menderita data paparan yang meninggalkan catatan yang terkait dengan ratusan ribu siswa yang tidak aman AWS ember yang terbuka dan dapat diakses dari internet. Pemaparan pertama kali diidentifikasi oleh TurgenSec, sebuah perusahaan keamanan yang berbasis di Inggris, yang menerima pengajuan dari anonim pihak ketiga yang berisi data […]

Read More

Financial services industry hit with tens of millions of attacks per day

31 December 2020

During the past year the financial services industry was hit with millions or tens of millions of attacks per day. (Uris English Wikipedia/CC BY-SA 3.0) In an update of its State of the Internet report, Akamai found that in the past year the financial services industry was hit with millions or tens of millions of […]

Read More

The 2020 SolarWinds reality check: As cleanup continues, community considers implications

31 December 2020

What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December, despite the alarming realization that the SolarWinds supply chain hacking took place months before. Cybersecurity experts predict years of clean up, both physical and political, from the infiltration attributed to Russia, which pushed malicious updates for the […]

Read More

Ticketmaster fined $10 million in corporate espionage scheme

31 December 2020

The Department of Justice announced Wednesday Ticketmaster would pay a $10 million fine as part of a differed prosecution agreement for using an employee’s login credentials to his former employer’s computer systems to garner information on the competitor. Zeeshan Zaidi, the former head of artist services at Ticketmaster, pled guilty to conspiring to commit computer […]

Read More

2021 strategy predictions: Shifts in business models, shifts in security priorities

30 December 2020

As companies of all sizes prepare for more challenges tied to the pandemic, as well as an expected transition to a permanent hybrid workforce, security plans will need to adapt. So what kind of strategic shifts might we see in 2021? More sophisticated phishing campaigns will probably mean enhanced email security. Digital identities may grow […]

Read More

Kawasaki Heavy Industries, a partner of defense companies and agencies, reports breach

29 December 2020

Kawasaki Kobe Shipyard in Japan. (663highland/CC BY-SA 3.0) Some information from the overseas offices of Kawasaki Heavy Industries may have been leaked as a result of a breach, announced the manufacturer, which counts Boeing and the Japanese Defense Ministry among its customers. A Kawasaki announcement said the scope of the unauthorized access spanned multiple domestic […]

Read More

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

29 December 2020

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 […]

Read More

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

29 December 2020

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of […]

Read More

Data questions remain as UK exits EU

28 December 2020

Last week’s Brexit deal solidifies the terms under which the United Kingdom will leave the EU. But the issue of data transfers remains open, with great potential for confusion among privacy officers around the globe. European privacy laws prohibit the transfer of personal information outside the Union without guarantees that the data will be held […]

Read More

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

27 December 2020

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from a security […]

Read More