Australian Shipping Giant Toll Hit by Ransomware
2020-02-04 09:48

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack, and customers are not happy with the way the company has handled the incident. A notice posted on the Toll website to inform customers about the incident promised regular updates, but many were displeased that the first update came only several days later.

Twitter Warns API Flaw Abuse May Have Unmasked Users
2020-02-04 09:33

A Twitter API could have enabled outsiders to match users' phone numbers to their corresponding accounts and potentially unmask anonymous users of the social media site. Still, many users who wanted better account security have likely given their phone numbers to Twitter.

Google Accidentally Shared Private Videos of Some Users With Others
2020-02-04 07:59

Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which "Some videos in Google Photos [service] were incorrectly exported to unrelated user's archives."

Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits
2020-02-04 07:01

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. That is the same day that security researcher Ibrahim Balic revealed he had managed to match 17 million phone numbers to Twitter accounts by uploading a list of two billion automatically generated phone numbers to Twitter's contact upload feature, and match them to usernames.

How CISOs can justify cybersecurity purchases
2020-02-04 06:30

How can you make a proactive business case for justifying expenses that advance your security program? I have a few suggestions based on my prior consulting experience and my recent work as a CISO at a cybersecurity firm. Security practitioners used to point to the need for defense-in-depth when explaining why the organization should fund yet another cybersecurity measure.

What makes some organizations more cyber resilient than others?
2020-02-04 06:00

Based on a survey of more than 4,600 enterprise security practitioners around the globe, the study explores the extent to which organizations prioritize security, the effectiveness of current security efforts, and the impact of new security-related investments. From detailed modeling of cybersecurity performance, the study identified a group of elite "Leaders" - 17% of the research sample - that achieve significantly better results from their cybersecurity technology investments than other organizations.

Scientists test forensic methods to acquire data from damaged mobile phones
2020-02-04 05:30

Criminals sometimes damage their mobile phones in an attempt to destroy data. Manufacturers use those taps to test their circuit boards, but by soldering wires onto them, forensic investigators can extract data from the chips.

Automation is advancing faster than the enterprise knowledge required to support it
2020-02-04 05:00

Automation is transforming the enterprise around the globe, directly impacting the bottom line as a result of improved productivity and efficiency, according to UiPath. Automation's impact on the workplace is not well understood and cannot be ignored: automation raises concerns about the impact on jobs, skills, wages, and the nature of work itself.

Cynet empowers IT resellers and service providers to become MSSPs
2020-02-04 04:30

This is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs and MSPs to provide managed security service with zero investment in hardware or personnel. The barriers to become an MSSP. The main obstacle to entering the MSSP market is a lack of prior security experience.

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
2020-02-04 02:43

Twitter today issued a warning revealing that attackers abused legitimate functionality on its platform to determine, without authorization, the phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved in their contacts with Twitter accounts.