Новости за 21.04.2020

Oil and gas organizations have been targeted in recent spearphishing campaigns using the "Agent Tesla" spyware Trojan, security firm Bitdefender says. 

April is a time for tax-related phishing scams, and we haven't been let down this year despite the dominance of COVID-19-themed phishing campaigns. DMARC should stop phishing, right? Not unless the targeted domain itself is spoofed.

Dramatic Increase in Company Compromises Correlates with Coronavirus-Sparked Lockdowns 

San Francisco-based identity and access management (IAM) solutions provider ForgeRock has raised $93.5 million in a Series E funding round, which brings the total raised by the company to more than $230 million.

A security researcher says IBM has told him that it would not be patching several vulnerabilities found in its Data Risk Manager product, despite demonstrating that they can be exploited by a remote, unauthenticated attacker to execute arbitrary code with root privileges. [UPDATE BELOW]

An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks.

South Korean video gaming company Gravity is the latest victim of the China-linked threat actor tracked as the Winnti Group, security researchers say.

A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.

Google this week announced the availability of a cloud-based solution meant to help work-from-home employees securely access enterprise resources.

Google this week announced the creation of a COVID-19 grant fund aimed to help bug hunters who participate in its Vulnerability Reward Program (VRP).