Security News > 2020 > March

Security Compass, a software security company that provides organizations with technology to balance secure software development with speed of software delivery, announced that it has added content to SD Elements that enables organizations operating in California to maintain or achieve compliance under the California Consumer Privacy Act. Security Compass customers have immediate access to new content within the SD Elements platform, which was built for automating balanced development.

HYAS, a leader in threat intelligence and attribution, announced HYAS Insight, a threat intelligence and attribution solution that improves visibility and productivity for analysts, researchers and investigators while vastly increasing the accuracy of their findings. HYAS Insight lets analysts connect specific attack instances and campaigns to billions of historical and real-time indicators of compromise faster than ever before, bringing invaluable new intelligence and visibility to security efforts.

Seagate Technology, a world leader in data solutions, announced the latest in high-performance solutions for multi-user NAS environments, adding to their award-winning IronWolf SSD product line. Seagate's IronWolf 510 is an M.2 NVMe SSD with caching speeds of up to 3GBps for NVMe-compatible systems and is ideal for creative pros and business NAS needing 24×7 multi-user storage that is cache enabled.

Peng earlier confessed that SD cards loaded with information stolen from an unspecified US company were left for him to collect at hotels by a contact only known as Ed. Peng would also hide tens of thousands of dollars in hotel rooms for Ed to collect as payment. Prosecution paperwork [PDF] stated that, from 2015 through 2019, Peng agreed to, under orders from the Chinese Ministry of State Security, collect SD cards filled with stolen corporate information, and fly to China to drop them off to government snoops.

The investment round will bring CoreStack's total funding to $13 million and will help the company aggressively expand its sales and marketing efforts as well as accelerate product development. The Series A financing follows a record year of growth for CoreStack which saw a rapidly expanding roster of enterprise clients across U.S., Europe and India, key executive appointments, and significant market traction with enterprises adopting CoreStack as Governance landing zone for large scale cloud adoption.

Balbix, provider of the industry's first system for cybersecurity posture transformation, announced the addition of Shelly Morales as the company's new Vice President of People. As VP of People at Balbix, Morales will provide innovative leadership over the global HR department, leading organizational culture initiatives, employee engagement programs and talent acquisition to drive company performance.

Late last week, researchers at network intelligence company DomainTools warned about an Android malware sample that caught our attention. Like many other cyberthreats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID 19 TRACKER. The website promoting the app offers to "Track Real-Time Coronavirus Outbreak in your Street, City and State", and says it will "Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries."

A little more than a week after forgoing March's Patch Tuesday hullabaloo, Adobe has emitted fixes for dozens of security flaws in its applications. The ever-vulnerable Reader and Acrobat on Windows and macOS require patching for 13 CVE-listed holes, nine of which can be exploited to gain malicious code execution on vulnerable machines.

Kristin Del Rosso and other threat researchers with cybersecurity company Lookout have found a new kind of coronavirus cyberattack designed to spread potentially malicious Android applications that appear to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals. At least three new apps related to coronavirus have been created using the same infrastructure as those applications and the Lookout investigation discovered that they can be traced back to IP addresses operated by Libyan Telecom and Technology, a consumer internet service provider.

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 - while input-validation bugs edged out cross-site scripting as the most-weaponized weakness type. The firm found that WordPress and Apache Struts alone accounted for a combined 57 percent of exploited framework bugs during the year.