SecurityWeek

WikiLeaks founder Julian Assange sought to recruit hackers at conferences in Europe and Asia who could provide his anti-secrecy website with classified information, and conspired with members of hacking organizations, according to a new Justice Department indictment announced Wednesday.

Google is tweaking its privacy settings to keep less data on new users by default.The search giant said that starting Wednesday, it will automatically and continuously delete web and app activity and location history for new users after 18 months.

The threat actor behind the Sodinokibi ransomware was observed scanning the victim networks for credit card or point of sale (POS) software.Sodinokibi, Symantec’s security researchers reveal, was found on the networks of three organizations that had been previously infected with the Cobalt Strike commodity malware.

Over a period of two years, a threat actor sold access to the compromised networks of 135 organizations in 44 countries and likely made over $1.5 million, Group-IB says.

VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity flaws that can be exploited for code execution on the hypervisor.

The threat actor behind the Dridex Trojan has released a new ransomware following months of development, Fox-IT researchers (part of NCC Group) reveal.

Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers -- just the security team. The other side includes every blackhat hacker in the world -- that is, many, many thousands. The blackhats only need to succeed once; the defenders need to succeed many times every day. Bugcrowd seeks to reverse this impossible mathematics.

Republican senators have introduced what they have described as a “balanced” bill that would require technology companies to give law enforcement agencies access to encrypted user data.

The need for improved access control is proven by empirical observation -- it keeps failing. But improving access control beyond passwords suffers from a fundamental contradiction: while 98% of companies believe strong authentication is necessary for secure cloud adoption, 41% believe the username/password combination is one of the most effective access management tools, and 58% allow their employees to log on to corporate resources via social media credentials.

Twitter has permanently banned the account of Distributed Denial of Secrets (@DDoSecrets) after it posted links to stolen information belonging to hundreds of law enforcement organizations in the United States.

A top German court on Tuesday ordered Facebook to stop merging data collected through its Whatsapp and Instagram subsidiaries or other websites unless users explicitly agree, in a legal victory for competition authorities.

Microsoft president Brad Smith on Tuesday said Europe was the global leader on setting rules for big tech, two years after the EU implemented the GDPR, its landmark data privacy law.

Microsoft this week announced that Safe Documents, a feature meant to boost the protection of Microsoft 365 users when opening unsafe documents, is generally available.

Between the second and third weeks of March 2020, email scams and phishing attacks spiked by an unprecedented 436%. Such was the effect of the COVID-19 pandemic. Meanwhile, business email compromise (BEC) attacks have been less affected by the pandemic, but have also increased and evolved.

Twitter has started informing business customers that their billing information may have been exposed in what the company has described as a “data security incident” affecting its ads and analytics services.

Micro-segmentation combined with zero-trust access control between the segments is recommended as one of the best approaches to breach containment. This principle is now extended from the network infrastructure to the endpoint, whether that device is local in the office, portable, or remote at home.

The distributed denial-of-service (DDoS) botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday.

The United States is taking additional steps toward serving .gov domains over encrypted connections, and this week laid out plans to preload the entire top-level domain (TLD).

Apple kicked off its 2020 Worldwide Developers Conference (WWDC) on Monday — a virtual event due to the current coronavirus pandemic — and announced several new privacy features coming to its products.

Mitsubishi Electric and its subsidiary ICONICS have released patches for the vulnerabilities disclosed earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems (ICS).