Security News > 2020 > January

San Francisco-based startup AppOmni has raised $10 million in Series A funding round led by ClearSky and supported by existing investors Costanoa Ventures, Silicon Valley Data Capital, and Twilio's COO George Hu. This brings the total raised by the firm to $13 million. The problem is the sheer volume of SaaS applications used by businesses - dozens for smaller companies and hundreds for the larger enterprises - all of which have different security controls sometimes with user manuals running to a hundred or more pages.

While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor. According to the SANS 2019 Incident Response survey, 52.6% of organizations had an MTTD of less than 24 hours, while 81.4% had an MTTD of 30 days or less.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items," Simeon Vincent, extensions developer advocate at Google, explains.

Britain on Tuesday greenlighted a limited role for Chinese telecoms giant Huawei in the country's 5G network, but underscored that "High risk vendors" would be excluded from "Sensitive" core infrastructure. London's decision, following a meeting of the National Security Council chaired by Prime Minister Boris Johnson, came shortly after Brussels said it would allow Huawei a limited 5G role in the European Union.

Cisco on Tuesday announced the launch of a security solution for the Industrial Internet of Things that is designed to help organizations identify threats across their IT and OT environments. The networking giant's new IoT solution, which includes Cisco Cyber Vision and Cisco Edge Intelligence software-based services, provides enhanced visibility, analytics, automation, and security.

Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time.

Intel on Monday informed customers that researchers have identified yet another speculative execution attack method that can be launched against systems that use its processors. The disclosure of the Meltdown and Spectre vulnerabilities back in January 2018 paved the way for the discovery of several speculative execution side-channel attack methods impacting modern processors.

Video-conferencing outfit Zoom had a vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings. The firm reckoned that around 4 per cent of randomly generated meeting IDs led to genuine Zoom meetings.

Attackers using Ryuk and Sodinokibi - aka REvil - are increasingly "Focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," it says, noting that the average Ryuk ransom payment last quarter was $780,000. One commonality across all types of tools is that attackers overwhelmingly continue to demand ransom payments in bitcoins.

Researchers are warning that while LoRaWAN itself is perfectly secure, poor device security and user mistakes in configuration and implementation can still lead to hacks and widespread operational disruption. The application-layer security is responsible for confidentiality, with end-to-end encryption between the device and the application server, preventing third parties from accessing the application data being transmitted.