News

A new malware family has been linked to the threat group behind Trickbot, a popular information-stealing Trojan. The Cybereason Nocturnus research team said that since April this year, the backdoor has been used in attacks against organisations across the US and Europe. In particular, organisations in the healthcare, IT, manufacturing, logistics, and travel industries are at risk. The cybersecurity researchers documented how the first variants of the malware appeared in the wild during April, but...

Billionaires Jeff Bezos, Bill Gates and Elon Musk amongst other prominent US figures have been targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Joe Biden, Barack Obama and Kanye West were also reportedly hacked to request donations in the cryptocurrency. "Everyone is asking me to give back," a tweet from Bill Gates' account read. "You send $1,000, I send you back $2,000."   Source: BBC

It will become illegal for UK telecos to buy new Huawei equipment from the end of this year once a new bill takes effect. Culture secretary Oliver Dowden told the house of commons yesterday that the legislation would also require the complete removal of all Huawei kit from 5G networks by 2027. The decision followed advice from the NCSC which recommend that Huawei’s post-FDPRA (US sanctions) equipment is not used in the UK at all, as continuing to supply...

The impacted products include routers, IP cameras, DVRs, and smart TVs. Nearly four years after Mirai first demonstrated how ordinary Internet-connected devices could be turned into remotely controlled attack systems, variants of the malware continue to surface with troubling regularity. This week, researchers from Trend Micro discovered a brand-new Mirai variant designed to exploit a set of previously disclosed vulnerabilities in routers, IP cameras, DVRs, and other products from multiple vendors, including Comtrend, D-Link, MV...

DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are many solutions and implementations of DNS servers out there, but only a few are extensively used. “Windows DNS Server” is the Microsoft implementation and is an essential part of and a requirement for a Windows Domain environment. SIGRed (CVE-2020-1350) is...

Video sharing platform TikTok has been fined by a South Korea regulator over mishandling child data.   The country's telecommunications watchdog, The Korea Communications Commission (KCC), said it has fined the company 186 million won -- around $155,000 -- for failing to protect users' private data. The fine is equivalent to 3% of the company's annual sales in South Korea, an amount designated for such violations under local privacy laws. The investigation began last year...

Security firm G4S has been fined £44m by the Serious Fraud Office (SFO) as part of an agreement that will see it avoid prosecution for overcharging the Ministry of Justice for the electronic tagging of offenders, some of whom had died. The SFO said G4S had accepted responsibility for three counts of fraud that were carried out in an effort to “dishonestly mislead” the government, in order to boost its profits.   Source: The Guardian

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw.   Source: The Hacker News

Passwords have always been a weak link in security, but people are so used to them that getting them to change to a more secure form of authentication has been a difficult task. Could COVID-19 be the catalyst that ends up ushering in passwordless access? The push is slowly happening. Gartner predicts that 60% of enterprises and 90% of midsize businesses will move to passwordless authentication by 2022. Although it has been discussed as option...

A hacker claims to have breached the backend servers belonging to a US cybersecurity firm and stolen information from the company's "data leak detection" service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that have leaked from other companies in previous security breaches. The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion...