
Remember when Republicans said Dems hacked voting systems to rig Georgia's election? There were no hacks
2020-05-29 23:32

On Friday, ProPublica and The Atlanta Journal-Constitution revealed that the Georgia Bureau of Investigation found "No evidence of damage to network or computers, and no evidence of theft, damage, or loss of data." Kemp's hacking claim followed a report from a voter with software development experience about access control vulnerabilities in the state's My Voter Page and its online voter registration system.

Social engineering: A cheat sheet for business professionals
2020-05-29 21:12

Security consulting firm Social Engineer, Inc., defines social engineering in incredibly basic and broad terms: "Any act that influences a person to take an action that may or may not be in their best interest."

Friday Squid Blogging: Humboldt Squid Communication
2020-05-29 21:07

Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my...

Career Choice Tip: Cybercrime is Mostly Boring
2020-05-29 20:23

The findings come in a new paper released by researchers at Cambridge University's Cybercrime Centre, which examined the quality and types of work needed to build, maintain and defend illicit enterprises that make up a large portion of the cybercrime-as-a-service market. In examining these businesses, the academics stress that the romantic notions of those involved in cybercrime ignore the often mundane, rote aspects of the work that needs to be done to support online illicit economies.

Steganography Anchors Pinpoint Attacks on Industrial Targets
2020-05-29 19:58

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources. According to Kaspersky ICS CERT, the attacks seem bent on stealing Windows credentials in order to lay the groundwork for lateral movement inside a target network and follow-on activity.

With employees working from home, don't neglect the security of hard-copy files
2020-05-29 18:56

Some are suggesting care for paper documents might be as important as a PDF. "If your business regularly handles sensitive hardcopy data in the office, chances are that your employees working from home now have to continue handling sensitive data outside the safety of your office environment," said Andrea Maciejewski and Joshua James of Bryan, Cave, Leighton, and Paisner, in their post: Work From Home Cybersecurity Basics: Handling Sensitive Hardcopy Data. During the coronavirus crisis, it's a bit late for forethought, but the co-authors said it's a good idea to revisit in-place security measures, in particular ones pertaining to sensitive hard-copy files, as their security is often overlooked in the digital age.

Google Takes Action Against Misleading and Malicious Notifications in Chrome
2020-05-29 18:24

Google announced on Thursday that it's taking action against misleading and malicious notifications in Chrome with the release of version 84, which is scheduled for July 14. Google classifies abusive notifications as permission request issues, which trick or force users into allowing notifications, and notification issues, which are fake messages that mimic chats, system dialogs or warnings.

Zero trust security: A cheat sheet
2020-05-29 18:21

The US National Institute of Standards and Technology, in its current draft of standards for zero trust architecture, defines zero trust as follows: "Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated." NIST adds that there is a distinction to be drawn between zero trust and zero trust architecture.

Security at the network edge: Inside software-defined networking and Kubernetes
2020-05-29 17:36

Security concerns remain prominent across all network environments, with some unique to the network edge, SDN, and other services. Securing subnets, switches, routers, and firewalls is a fairly traditional field, but security gets a lot trickier with such concepts as the network edge, software-defined networking and other newfangled services.

Bogus Security Technology: An Anti-5G USB Stick
2020-05-29 17:02

Its website describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF emitting device". "Through a process of quantum oscillation, the 5GBioShield USB key balances and re-harmonises the disturbing frequencies arising from the electric fog induced by devices, such as laptops, cordless phones, wi-fi, tablets, et cetera," it adds.