The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems and abuse federated authentication.
The New York Attorney General’s Office (NYAG) reached a Consent and Stipulation Agreement with Dunkin’ Brands, Inc. (Dunkin), which obligates the company to implement and maintain a comprehensive information security program to protect customers’ private information. The terms of the consent agreement are similar to the terms New York reached with Zoom earlier this year regarding inadequate data security practices, and strongly resemble the reasonable security measures described in the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).
U.S. federal agencies revealed criminal charges against five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC). All were charged with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of, say, a dangerous fringe group rather than those of a teenager. There are a few takeaways here, especially when it comes to redefining what we classify as “critical infrastructure” and what must be protected at all costs.
Black Hat announces that Matt Blaze, McDevitt Chair in Computer Science and Law at Georgetown University, and Renée DiResta, Research Manager at Stanford Internet Observatory, will keynote Black Hat USA 2020, taking place virtually August 1-6.
Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, and other high-profile accounts, were compromised in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools, says a CNN news report.
Fullstack Cyber Bootcamp, New York City's cybersecurity bootcamp partner, announced an initiative to offer free introductory courses to people nationwide, providing an opportunity for individuals to explore the cybersecurity industry as a potential career path.
The Amphion Forum (www.amphionforum.com) is taking place 28 March in Munich, and will feature a wide variety of experts in securing the "Internet of Things", or any device that connects to the internet but is not a PC.