Security News > 2020 > April

In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the ageing and insecure Transport Layer Security 1.0 and 1.1 protocols. While a temporary delay, it's still an unexpected retreat for an industry which had shown unity in collectively deciding to banish TLS 1.0 and the lesser-used TLS 1.1 by early 2020.

The Nigerian business email compromise threat actors referred to as SilverTerrier have intensified assaults on multiple industries and should be considered an established threat, Palo Alto Networks says. SilverTerrier attacks were linked to roughly 400 individual threat actors in 2018, but that number jumped to 480 in 2019.

What are the most unexpected pitfalls for a CISO that wants to strengthen an enterprise third-party risk management program? Before third-party risk management can become a competitive advantage, businesses need to perfect the block-and-tackle basics of third-party risk management.

What is vFeed? We would like to tagline vFeed with vulnerability intelligence as a service. It's difficult for any security team to maintain a good repository of all the different indicators and information related to those vulnerabilities.

Businesses must accelerate the shift to comprehensive continuous software testing in order to remain competitive, according to a report released by Capgemini and Broadcom. While 55% of the enterprises surveyed have now adopted a continuous software testing approach, its slow increase in maturity demonstrates a critical challenge for organizations to overcome.

A recently uncovered attack campaign that stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals. Attacks begin with MS-SQL brute force login attempts and continue with a series of configuration changes to allow command execution.

The total number of IoT connections will reach 83 billion by 2024, rising from 35 billion connections in 2020, according to Juniper Research. The industrial sector is to account for a total of 60 billion IoT connections.

A team of cybersecurity researchers has discovered that a large number of mobile apps contain hardcoded secrets allowing others to access private data or block content provided by users. The study's findings: that the apps on mobile phones might have hidden or harmful behaviors about which end users know little to nothing, said Zhiqiang Lin, an associate professor of computer science and engineering at The Ohio State University and senior author of the study.

Outsourcing your endpoint protection can deliver positive returns by improving operational efficiency and minimizing risk, but it's not always easy to prove the business case. This guide delivers specific guidance on how to calculate savings in the context of your organization's risk while accounting for size and industry.

Attivo Networks, the award-winning leader in deception for cybersecurity threat detection, announced the availability of its ADSecure solution for Google Cloud's Managed Service for Microsoft Active Directory. The Google Cloud team has reviewed the Attivo solution that operates and reduces the risk of attack escalation for organizations running Active Directory with Google's managed service.