Security News > 2020 > March

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. According to security firm Comparitech, the database, which was hosted on Google Cloud, was first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and which was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

Total mobile data traffic will reach 131 exabytes per month, with 35 percent carried by 5G networks. While mobile phones will consume the bulk of the data, the sheer number and wide variety of devices that will be connected via 5G technology is likely to pose security threats not faced by previous generations of mobile networks, explains Professor Robert Deng at the SMU School of Information Systems.

As of January 2020, nearly 1 million domains have published DMARC records - an increase of 70% compared to last year, and more than 180% growth in the last two years. Just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, announced the release of the UHD100T32 100 Gigabit Ethernet test system, the industry's first test system purpose-built to help data center operators and network equipment manufacturers meet the density and cost-per-bit challenges of validating 100GE devices and networks. Keysight's new UHD100T32 test system, co-developed with Barefoot Networks, an Intel company, is purpose-built to meet the requirements of the modern networking infrastructure ecosystem.

BetterUp, the market leader and pioneer of mobile, personalized coaching for professionals, announced two new product innovations - Identify AI and Coaching Clouds - to help organizations deliver more effective, hyper-personalized coaching at scale to any employee at any level in the organization. "According to our data, when employees are offered learning programs tailored to their preferences, they put twice as much effort into learning and development, and experience a 180% increase in job effectiveness. We're thrilled to be launching Identify AI and Coaching Clouds to help organizations improve the ROI of their L&D investments."

Not happy with your expensive iPhone and wondering whether it's possible to run another operating system on it, such as Android or Linux? "The iPhone restricts users to operate inside a sandbox. But when you buy an iPhone, you own the iPhone hardware."

Radisys, a global leader of open telecom solutions, announced the deployment of the Radisys Engage portfolio of digital engagement and AI-based real-time media applications on Open Network Edge Services Software, an open source multi-access edge compute platform initiative led by Intel to accelerate innovation and unique experiences on 4G/LTE and 5G networks. Radisys' Engage advanced real-time media applications are available on the OpenNESS platform, enabling new digital experiences.

In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas, like detection and analysis, forensics, and change management during program implementation, as well as control objectives, controls and testing steps in a customizable spreadsheet.