Inbox Attacks: The Miserable Year (2020) That Was
threatpost.com/miserable-spam-year-2020/162566/ Purging your inbox has become a year-end tradition for many. A short hiatus for the holidays often provides a quiet moment to flush the previous year’s mountain of spam. And, from the looks of our 2020 inbox, years of herculean efforts to harden email defenses have fallen short. The most-targeted business attack vector continues to be our inboxes.
The strangest cybersecurity events of 2020: a look back
blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/ This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020’s news stories were the pressure-cooker product of mania, chaos, and the downright absurd. “Murder hornets” made the journey to the US. Mystery seeds from China arrived in US mailboxes. The Pentagon officially released three videos of “unidentified aerial phenomena”which many interpreted as three videos of alien spacecraft.
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
thehackernews.com/2021/01/secret-backdoor-account-found-in.html Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.
Would you take the bait? Take our phishing quiz to find out!
www.welivesecurity.com/2020/12/31/would-you-take-bait-phishing-quiz hishing comes in a number of forms and remains one of the most pervasive online scams, as both consumers and businesses face an incessant stream of unsolicited emails, texts and even phone calls where bad actors impersonate a trusted institution and attempt to purloin login data, money and identities.