Security News > 2020 > January

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products. A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

Much more powerful, deception technologies leverage artificial intelligence and machine learning to enable the automated deployment of fake content, lists, databases and access points that play directly into the attackers' desires and then trap them into false storage or network areas and occupy them until the threat can be contained. Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches.

It is worth noting, for example, that SCV's existing portfolio of companies are all too early stage or Series A investments to be considered for purchase by the new SCVX. The ability of the SPAC's Board to find a new company or companies and recognize evolving trends is vital to the future of the company - and the SCVX line-up includes a recent director of national intelligence, the current CISO from the Bank of New York, a former Goldman Sachs managing director, and a former chief security scientist from the Bank of America. SecurityWeek talked to Mike Doniger and Hank Thomas about the direction and purpose of the new SPAC. "Some SPACs," Doniger explained, "are broad in nature, saying they will buy an industrial company or an energy company. We've taken a different approach, with the targeted purpose of buying a cybersecurity firm."

Russia has blocked a second encrypted email provider, Swiss-based ProtonMail, in efforts to halt a prolonged series of anonymous bomb threats, the security service said Wednesday. The FSB security service said Russia acted against Geneva-based ProtonMail after blocking another social network, Netherlands-based Smartmail, for the same reason last week.

Attacks against endpoints have become more costly, up more than $2 million since 2018. With the rise in BYOD and employees working from home or remotely, endpoints have become more prevalent.

A long-running marketplace for selling stolen payment card data is advertising a large new batch linked to the breach at Wawa convenience stores late last year. Joker's Stash claims its latest dump contains as many as 30 million payment cards from 40 states.

The NHS has suffered 209 successful ransomware attacks since 2014, according to new figures based on Freedom of Information requests, but with a dramatic improvement since 2017, the year WannaCry ransomware hit the health service. The WannaCry attack in 2017 - famously thwarted by Brit white hat hacker Marcus Hutchins - caused a spike to 101 incidents and we know many of these were severe.

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice, significantly increasing the Managed Security Service Provider market opportunities. This is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs, and MSPs to provide managed security service with zero investment in hardware or personnel.

Measurement instruments that support the Standard Commands for Programmable Instruments (SCPI) protocol are exposed to hacker attacks, cybersecurity firm Trend Micro warned on Tuesday. First released in 1990, SCPI is an ASCII-based standard designed for test and measurement devices.

Qualys researchers have discovered a critical vulnerability in OpenBSD's OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root. OpenSMTPD is an open source implementation of the Simple Mail Transfer Protocol.