Security News > 2020 > January

It's that time of year: RSA Conference 2020 USA is coming up in February. RSA Conference is in its 29th year, having grown and evolved to serve the changing needs of the members of the whole cybersecurity community.

Upstream Security's 2020 Automotive Cybersecurity Report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019. The number of automotive cybersecurity incidents has increased dramatically: Since 2016, the number of annual incidents has increased by 605%, with incidents more than doubling in the last year alone.

The Open Connectivity Foundation announced that products from BSC Computer GmbH, COMMAX, Haier, LG Electronics, Resideo, Samsung Electronics and SURE Universal will complete OCF 2.1 certification in 2020, ensuring robust and secure connectivity between devices. "In the near future, smart homes and buildings will have typically over 200 different products improving comfort, security and energy usage. Having all of these powered by mains cables or batteries which need to be regularly changed or re-charged is simply not practical," said Jörg Hofmann, CEO, BSC Computer GmbH. "By introducing the EnOcean energy harvesting wireless standard into the OCF world, BSC Computer has enabled simple addition of multiple 'peel and stick' maintenance-free sensors and switches into their smart buildings via the BSC smart secure gateway, a major expansion and improvement of the excellent interoperable OCF eco-system."

"Payment players will need to get their data houses in order, given that we anticipate the introduction of new payment rails and open solutions in 2020, as well as a sustained increase in cross-border transaction volume." "Payment tokens help make transactions safer by eliminating the transfer of actual payment data for e-commerce and mobile payments and can deliver a seamless yet secure digital payment experience."The updated 3-D Secure specification enables real-time exchange of 10 times more contextual data between merchants and financial institutions to improve decision-making.

A group claiming to be hackers from Iran breached the website of a little-known US government agency on Saturday and posted messages vowing revenge for Washington's killing of top military commander Qasem Soleimani. The website of the Federal Depository Library Program was replaced with a page titled "Iranian Hackers!" that displayed images of Iran's supreme leader Ayatollah Ali Khamenei and the Iranian flag.

Iran's retaliation for the United States' targeted killing of its top general is likely to include cyberattacks, security experts warned Friday. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.

A now-former senior IT exec has admitted conning his employer out of $6m - by setting up a fake tech services biz that billed his bosses for bogus services. Back in 2015, Kabbaj set up a shell company called Interactive Systems that was pitched as an IT services provider, but was in fact little more than a business name and a bank account.

Boeing convinced itself that their product was extremely safe. I've made my own effort to imagine how this process went so far "Off the rails" and what might have prevented the catastrophe.

While the notice did not mention any specific threat against the U.S., it did note that "Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States." Tom Kellermann, the head of cybersecurity strategy at VMware, who served as a cybersecurity adviser to the Obama administration, says that a retaliatory cyber strike by Iran is almost assured.

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes. While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.