Security News > 2020 > May

In SecurityWeek's CISO Conversations series, we talk to top Chief Information Security Officers from major organizations within the critical industries to discuss the role of the CISO, and what it takes to be a successful CISO. In this feature, SecurityWeek talks to Mastercard CISO Ron Green, and Ellie Mae CISO Selim Aissi from the finance sector, concentrating on the people problem for CISOs. "I think if either one of the two aspects is stronger than the other, then the CISO will not be successful. I think if a CISO is a salesman, a great communicator all the time but doesn't have the technical chops, then that's a problem. And if the CISO is way deep into the technology and does not focus on the people aspects, on processes, on communication, then that CISO will also fail. It really does require a good balance between the two."

Google has released a patch for CVE-2020-0096, a critical escalation of privilege vulnerability in Android that allows attackers to hijack apps on the victim's device and steal data. Dubbed StrandHogg 2.0 because it's similar to the StrandHogg vulnerability exploited by hackers in late 2019, it affects all but the latest version of Android.

House Democrats on Wednesday decided to abandon a vote on the reauthorization of several government surveillance programs under the Foreign Intelligence Surveillance Act. A similar amendment proposed earlier this week by Representatives Zoe Lofgren and Warren Davidson saw broad support in the House of Representatives, but the vote on the USA FREEDOM Reauthorization Act was abandoned on Wednesday, after both the Department of Justice and President Donald Trump publicly opposed the bill.

HackerOne announced that hackers have earned $100 million in bug bounties on the HackerOne platform. From $30,000 paid to hackers across the globe in October 2013 - the first month of bounty payments on HackerOne - to $5.9 million paid to hackers in April 2020, working with hackers has proven to be both a powerful way to pinpoint vulnerabilities across digital assets and more than just a pastime.

The Intel vPro® platform is a set of capabilities embedded into the hardware of endpoint systems aimed at businesses and large organisations, covering areas such as security and remote management. The latest updates to the Intel vPro® platform include a new security technology called Intel® Hardware Shield.

This article examines some of the major considerations for any business looking to tackle the security challenges of remote working and implement a program that will enable employees to work both effectively and securely from anywhere. Security challenges of remote working: Finding the right approach.

Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to systemic design flaws, discovered by Florida Tech computer science student Blake Janes, that allow a shared account that appears to have been removed to actually remain in place with continued access to the video feed. The findings were presented in the paper, "Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices," by Janes and two Florida Tech faculty members from the university's top institute for cybersecurity research, L3Harris Institute for Assured Information, Terrence O'Connor, program chair of cybersecurity, and Heather Crawford, assistant professor in computer engineering and sciences.

The McAfee report uncovers a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber attacks targeting the cloud. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials.

The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron. The study combined research from 300 enterprise IT decision makers across Benelux, France, Germany, the U.K. and the U.S., as well as 50 C-level executives from both the U.K. and the U.S. The study revealed that C-level executives feel frustrated by mobile security protocols and often request to bypass them.