Security News > 2020 > March

Thirdwayv, a leading provider of end-to-end connectivity and security solutions for IoT applications, announced it has completed the formation of its Advisory Board with the appointment of five executives from a cross section of industries and disciplines that are fueling the next major wave of connected medical solutions and other safety-critical products and services. The five industry veterans who have joined Dr. Aiman Abdel-Malek, the Thirdwayv Advisory Board's executive chairman, include David C. Klonoff, M.D., who is founder of the Diabetes Technology Society that was key in driving the development of digital diabetes systems globally.

Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, has raised a further $4 million that supplements the Series A round of $6.5 million announced in November 2019. The current chairman of the board, Tamir Pardo, was formerly the director of Mossad, while another advisor is a former CISO with the CIA. Sepio's service detects and mitigates any rogue device that has been attached to the corporate infrastructure.

Symantec customers, or rather Broadcom customers these days, were taken offline for a while on Wednesday when the security service's data centers around the planet went down. The Web Security Service platform, acquired when Broadcom hoovered up much of Symantec's operations last year, sells web-based site and file scanning for businesses.

Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes. Of the CVEs disclosed, 30 affected Apple's iOS, 11 impacted Safari and 27 affected macOS. Users for their part are urged to update to iOS 13.4, Safari 13.1 and macOS Catalina 10.15.3.

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Here's a sobering statistic: According to PhishLabs, by the end of 2019 roughly three-quarters of all phishing sites were using SSL certificates.

To ease some of the burden, many organizations have started migrating their security tools to the cloud. Based on a survey of 130 security practitioners, Exabeam's report found that 52% of the respondents started moving to cloud-based security products during or before 2018.

A global survey of 1,000 security professionals commissioned by industrial cybersecurity company Claroty has revealed that over 70% would rather work in IT enterprise cybersecurity than industrial security. Globally, over 75% of IT security pros said they prefer enterprise cybersecurity to industrial cybersecurity.

The Federal Bureau of Investigation recently took down a Russian-based online platform where various cybercrime products and services were being sold, the Department of Justice announced on Tuesday. In addition to shutting down the platform, the FBI arrested its suspected administrator, alleged Russian hacker Kirill Victorovich Firsov.

Security patches released this week by Apple for many of its products address a variety of vulnerabilities, including multiple issues that could lead to arbitrary code execution on the affected devices. The patched flaws could result in the execution of arbitrary code with system or kernel privileges, leak of kernel memory, privilege escalation, leak of sensitive information, disclosure of restricted memory, or code signing bypass.

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices that was revealed as a zero-day and then patched earlier this year.