Security News > 2020 > March

The National Institute for Standards and Technology has published the draft version of SP 800-53: Security and Privacy Controls for Information Systems and Organizations. The publication provides a catalog of security and privacy controls that will help protect organizational operations and assets.

Every network administrator needs to know how to listen to port traffic on a server. So you have a Linux server up and running, but you either suspect there might be some nefarious traffic coming in, or you just want to know what's going on at all times with this new machine.

Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from within your Android device. Find out how.

If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. The three flaws are located in various Cisco hardware and software products running the company's SD-WAN software earlier than Release 19.2.2.

For years, the EFF has been saying that developing algorithms that the FBI and law enforcement can use to identify similar tattoos from images - similar to how automated facial recognition systems work - raises significant First Amendment questions. UNICAMP also said that its researcher - Prof. Léo Pini Magalhães - is adding to the dataset by grabbing images of tattoos from the web: a practice that the EFF noted has increasingly come under fire from Congress in light of the Clearview AI face recognition scandal.

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.

A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports. Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.

Making better cloud infrastructure deployment choices upfront - and a shift from DevOps teams to DevSecOps - will help businesses better secure information, said Olson. We've been expanding new directions, writing reports about cloud vulnerabilities, cloud threats, IoT vulnerabilities and IoT threats, all sorts of stuff.

Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.

Much of the US healthcare system is running on outdated software and unsupported operating systems, such as Windows 7, leaving devices vulnerable to hackers actively exploiting the coronavirus. Atlas based part of its findings on a Palo Alto Networks survey of 1.2 million Internet of Things devices used in thousands of healthcare organizations across the US. Palo's survey found that 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January of this year.