Security News > 2020 > March

I'd like to thank everybody for joining us today for our webinar, "5G, the Olympics and Next Generation Security Challenges." Today, we are going to be hearing from a couple of experts in the arena: Russ Mohr who is an engineer and Apple Evangelist at MobileIron; and also Jerry Ray, who is a COO at SecureAge - he works in Tokyo quite a bit, so he will have some feet-on-the-ground information for us, which is great. Something to note about our agenda, clearly: The hook here is that we're going to use the Tokyo Summer Games as a jumping off point to discuss what's possible with 5G technology rolling out.

A vulnerability that OpenWrt addressed in its opkg fork could have been exploited for the remote execution of arbitrary code. "Due to the fact that opkg on OpenWrt runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged .ipk packages with malicious payload," OpenWrt notes in an advisory.

Apple has just announced its latest something-for-everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs. As usual, the WebKit browser engine and Safari gave Apple plenty to fix. All but one of those flaws were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google's open source fuzzing tool, OSS-Fuzz.

Amid this planet's ongoing pandemic and stay-at-home measures, if you're keen to repurpose all that time previously spent commuting, attending conferences, and so on, why not take a look at the SANS Institute's Online Cybersecurity Training. SANS has been researching and educating the cybersecurity industry since 1989, building its fully GIAC-certified training courses around in-person events held worldwide.

Evasive malware has grown to record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions. Companies of all sizes need to deploy advanced anti-malware solutions that can detect and block these attacks.

The survey reported a 347% increase in account takeover and 391% rise in shipping fraud attempts globally against its online retail customers from 2018 to 2019. "With so many reported data breaches, it's not just about if your account will be hijacked, it's about when," said Melissa Gaddis, senior director of customer success for TransUnion Fraud & Identity Solutions.

Less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years, according to Automox. The research surveyed 560 IT operations and security professionals at enterprises with between 500 and 25,000 employees, across more than 15 industries to benchmark the state of endpoint patching and hardening.

"Organizations need to implement advanced data classification, data anonymization, data masking, encryption, security, and access controls in order to set themselves up for successful compliance. ESG believes that many organizations are only ready on the surface - with marketing opt-in/out processes, for example." Protecting customer data privacy a strategic imperative for businesses.

In this webinar, Mark Sangster discusses how the COVID-19 crisis is affecting businesses and individuals and the need to stay vigilant. Emerging threats from bad actors who are taking advantage of the COVID-19 crisis are inevitable.

Sysdig, the secure DevOps leader, announced cloud monitoring at scale with full Prometheus compatibility. Sysdig is the only enterprise monitoring solution to be fully compatible with Prometheus.