
Huawei CSO Responds to 5G Security and Espionage Concerns
2020-03-04 21:04

In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit. Topics include the security concerns that come with 5G and national rollouts.

Taming Regulations: Frameworks Needed More Than Ever
2020-03-04 21:04

As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants. Topics include tackling today's top compliance and regulatory issues.

Senators Demand More Info on Google's 'Project Nightingale'
2020-03-04 20:34

Three U.S. senators are demanding more answers from Catholic health system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission. In a letter sent Monday to St. Louis-based Ascension, Sen. Bill Cassidy, M.D., R-La., and Democratic senators Elizabeth Warren of Massachusetts and Richard Blumenthal of Connecticut are demanding additional answers, including a complete list of patient-level information that Google received from Ascension and the exact number of health records that the company collected in Project Nightingale.

'SweynTooth' Cyber Flaws Could Affect Medical Devices
2020-03-04 20:33

An FDA spokeswoman tells Information Security Media Group that the agency does not yet have an estimate on how many medical devices and other health-related products in use in the U.S. or worldwide could be impacted. "As with any medical technology, threats that can affect proper operation, availability or in any way threatens patient safety is of concern," says Bill Aerts, executive director of the Archimedes Center for Medical Device Security at the University of Michigan.

Why Doesn't Software Get Sold With a List of Ingredients?
2020-03-04 19:34

Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration. NTIA is part of the U.S. Department of Commerce, where Friedman coordinates NTIA's multistakeholder processes, bringing together industry and the security community on issues such as vulnerability disclosure and IoT security.

DevOps and the State of Software Security
2020-03-04 19:34

Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. The bad news is that many of the same flaws - including injection vulnerabilities - persist.

Lessons Learned: Securing Valuable Genomic Data
2020-03-04 19:33

While the cost of sequencing the human genome continues to decrease, the imperative to secure this most personal of personally identifiable information does not, says Brian Castagna, CISO of Seven Bridges. He shares best practices for all organizations that store sensitive information in the cloud.

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops
2020-03-04 19:04

Well, you shouldn't have, because the pair were among sub-domains hijacked by vulnerability researchers to prove Microsoft is lax with its own online security. Now, as we said, Microsoft has loads of these sub-domains, and after a while it just stops updating some of them and abandons them.

Critical Netgear Bug Impacts Flagship Nighthawk Router
2020-03-04 18:58

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.

Number of spoof attempts on domains drops to "near zero" within months of DMARC enforcement
2020-03-04 18:17

In a new study on DMARC usage and success, email cybersecurity company Valimail found that spoof attempts drop to nearly zero "within a few months after that domain moves to DMARC enforcement." There has been a steady increase in organizations using Domain-based Message Authentication, Reporting, and Conformance as a security measure against domain spoofing, but enforcement continues to be the main struggle for most enterprises. Nearly 80 percent of US federal government domains have DMARC records and of those 93%. These high numbers are due mostly to a Department of Homeland Security directive in 2017 mandating DMARC at enforcement for most executive branch domains by January 2018.