Round Up of Major Breaches and Scams
Thanks to the COVID-19 crisis, security professionals are more concerned than ever about potential breaches, according to a survey released by Black Hat this week. Respondents – 273 top security professionals – registered record levels of concern about near-term compromises of their own IT environments, as well as US critical infrastructure.
Check Point experts discovered a sophisticated phishing campaign aimed at collecting corporate data and compromising Microsoft Office 365 accounts. To avoid detection, hackers used the servers of well – known organizations such as Oxford University, Adobe and Samsung. 43% of these attacks were targeted at European companies, while the rest were seen in Asia and the Middle East.
Round Up of Major Malware and Ransomware Incidents
“Our experts have deconstructed a strain of malware called Glupteba that uses just about every cybercrime trick you’ve heard of, and probably several more besides. Like a lot of malware these days. Glupteba is what’s known a zombie or bot (short for software robot) that can be controlled from afar by the crooks who wrote it.”
Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of an “exhaustive” list of unpatched vulnerabilities.
Round Up of Major Vulnerabilities and Patches
A new service called HEY claims to have a fresh take on email. It gives users of the new email service, an easy way of sharing a public link to an email thread. HEY displays a clear message that sharing the link would allow anyone in the world to access it. But it doesn’t seek the permission of anyone else on that email thread.
NVIDIA has released security updates to address security vulnerabilities found in GPU Display and CUDA drivers and Virtual GPU Manager software that could lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines.