
New privacy-preserving SSO algorithm hides user info from third parties
2020-06-30 09:33

Some people are also concerned that their ID and password could be stored locally by third parties when they provide them to the SSO mechanism. In an effort to address these problems, Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that in principle prevents such holistic information exchange.

Australia Ramps Up Cyber Spending After State-Backed Attacks
2020-06-30 06:12

Australia unveiled the "largest-ever" boost in cybersecurity spending Tuesday, days after Prime Minister Scott Morrison spoke out about a wave of state-sponsored attacks suspected to have been carried out by China. Morrison said Tuesday that malicious cyber activity against Australia was increasing in frequency, scale and sophistication.

200% increase in invoice and payment fraud BEC attacks
2020-06-30 05:00

There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. According to the report, invoice and payment fraud attacks increased more than 75 percent in the first three months of 2020.

Data security matters more than ever in the new normal
2020-06-30 04:30

More approaches to data security that are born in the cloud are now appearing, and the new normal means the enterprise is motivated to adapt. What has really changed? A top certification may be enough to be called "above average" data security, but in reality that security still remains totally contingent on perimeter defenses, hardware appliances, and proper configurations by system administrators and DBMs. And it's still only as good as the data hygiene of end users.

Remote employees encounter 59 risky URLs per week
2020-06-30 04:00

Working remotely from home has become a reality for millions of people around the world, putting pressure on IT and security teams to ensure that remote employees not only remain as productive as possible, but also that they keep themselves and corporate data as secure as possible. Even less so in the case of BYOD. Remote workers attempting to access risky content.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too
2020-06-30 03:57

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats. "Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.

Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems
2020-06-30 03:41

Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale systems and other devices, firmware security company Eclypsium warned on Monday. The firm now warns that the Windows drivers used in ATMs and PoS devices can be highly useful to threat actors targeting these types of systems.

Cloud IT infrastructure spending grows, non-cloud investments plunge
2020-06-30 03:30

Vendor revenue from sales of IT infrastructure products for cloud environments, including public and private cloud, increased 2.2% in the first quarter of 2020 while investments in traditional, non-cloud, infrastructure plunged 16.3% year over year, according to IDC. Pandemic as the major factor driving infrastructure spending. For the full year, investments in cloud IT infrastructure will surpass spending on non-cloud infrastructure and reach $69.5 billion or 54.2% of the overall IT infrastructure spend.

Researchers create tool for protecting children’s online privacy
2020-06-30 03:00

A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children's online privacy. Dr. Kanad Basu, assistant professor of electrical and computer engineering in the Erik Jonsson School of Engineering and Computer Science and lead author of the study, along with colleagues elsewhere, developed a tool that can determine whether an Android game or other mobile app complies with the federal Children's Online Privacy Protection Act.

McAfee MVISION Insights: Stopping threats before the attack
2020-06-30 02:00

McAfee, the device-to-cloud cybersecurity company, announced general availability of McAfee MVISION Insights, the industry's first proactive security solution that changes the cyber security paradigm by helping to stop threats before the attack. MVISION Insights provides actionable and preemptive threat intelligence by leveraging McAfee's cutting-edge threat research, augmented with sophisticated artificial intelligence applied to real-time threat telemetry streamed from over 1 billion sensors.