Security News > 2020 > March

From the EARN IT Act to the Martinelli hoax - and everything in between. It’s your weekly security roundup.

That's according to Professor Marylouise McLaws, a technical adviser to the World Health Organization's Infection Prevention and Control Global Unit. McLaws - a professor at the University of New South Wales' School of Public Health and Community Medicine in Australia, and a member of European, US and UK epidemiology and infection control bodies - told The Register tracking played a key role in nations that were able to flatten the exponential curve of COVID-19 cases - particularly Singapore, Taiwan and South Korea.

As happens every time there is a major news event, scumbags exploit the public's interest to spread malware. This time, criminals have picked on the World Health Organization's handling of the global COVID-19 coronavirus pandemic.

Is crowdsourced security really a panacea for the ills of traditional pentesting, or does it create more issues? Before we tackle this, let's cover what the issues of traditional pentesting actually are. A tactical solution to this has been to "cycle" pentesting suppliers each year but - the pentesting pool of talent being so small and specialized - I've witnessed companies ending up with the same pentester two years in a row, but now working for a different company!

From Marriott to Facebook, the biggest data breaches in 2019 were the result of careless handling of customer data. IBM's 2019 Cost of a Data Breach Report found that data breaches on average cost organizations $3.92 million per incident.

During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.

Product: Trend Micro Maximum Security 2019 and 2020
What can happen: DLL Search-Order Hijacking, Signed Execution, Whitelisting Bypass
Underlying flaws: Uncontrolled search path, no digital certificate validation against the binary.

More than half of enterprises are in the "Mature" phase of AI adoption - defined by those currently using AI for analysis or in production - while about one third are evaluating AI, and 15% report not doing anything with AI, an O'Reilly survey reveals. Currently, just one-fifth of respondent organizations report having formal data governance processes and/or tools to support and complement their AI projects, similar to findings uncovered in the survey.

Censinet, the leading collaborative risk network for healthcare organizations, announced new products and capabilities across three strategic areas - Continuous Monitoring, Controls Validation, and Vendor Lifecycle Workflows. "Healthcare organizations demand faster, higher-quality and more complete risk assessments across their supply chain. It drives our vision of 'taking the risk out of healthcare' and delivering unique capabilities such as One-Click Assessments™," said Ed Gaudet, CEO and founder of Censinet.

NCI Information Systems, a leading provider of advanced information technology solutions and professional services to U.S. federal government agencies, announced the launch of the NCI Empower platform to accelerate artificial intelligence adoption in the public sector. "Our philosophy has always been that by Scaling Humans with Artificial Intelligence, or Shai, a workforce can be empowered to reach their full human potential," said Paul A. Dillahay, president and CEO of NCI. "Today, we are excited to take that philosophy one step further with the announcement of our NCI Empower platform."

Kangaroo, the leader in accessible, customizable home security technology, launches Privacy Camera, an indoor home security camera engineered to protect a user's home and privacy. "True home security involves much more than just protecting a physical space, it's about safeguarding the people within it, as well," said Maximus Yaney, co-founder and CEO of Kangaroo.