Security News: June 2020

Amid nationwide protests over the death of George Floyd, secure comms biz Signal has deployed a blur tool in its messaging and calling app to allow users to obscure faces in app-captured snapshots. Since not everyone always does so, the latest versions of Signal for Android and iOS include a blur feature in the image editor menu that can be used to degrade image details.

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships.

The application is free and open source, but he still has to pay for a code-signing certificate to avoid potential users being put off by warnings when they try to download and install. Warning or preventing users from installing unverified applications is commonplace in today's operating systems, but does Windows go too far? We counted seven steps needed to download and install the open-source audio package Ardour 6, which is both unsigned and newly released, using the latest Edge and Windows 10.

VMware on Thursday announced that it's acquiring network security company Lastline for its research team and threat detection technology. The firm also noted that its team includes 15 PhDs. While VMware has praised Lastline employees, TechCrunch has learned that the virtualization giant actually plans on laying off roughly 50 people from Lastline following the acquisition - this represents 40% of the company's staff.

May 2020 Patch Tuesday was pretty light on updates as predicted, so I'm expecting we'll see a more standard release of updates from Microsoft this month. These updates will be included in the regular patch Tuesday releases.

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May tried to grab WordPress configuration files of 1.3 million sites at the end of the same month. "The previously reported XSS campaigns sent attacks from over 20,000 different IP addresses. The new campaign is using the same IP addresses, which accounted for the majority of the attacks and sites targeted. This campaign is also attacking nearly a million new sites that weren't included in the previous XSS campaigns," Wordfence threat analyst Ram Gall shared.

Checkmarx SCA: New SaaS-based software composition analysis solution. Zyxel launches USG FLEX series of mid-range firewalls for SMBs. Zyxel's new USG FLEX 100, USG FLEX 200 and USG FLEX 500 firewalls feature upgraded hardware and software power that level up SMB security with up to 125 percent of firewall performance and up to an additional 500 percent Unified Threat Management performance.

An overwhelming majority of organizations prioritize software quality over speed, yet still experience customer-impacting issues regularly, according to OverOps. The report, based on a survey of over 600 software development and delivery professionals, revealed that the current level of DevOps investment is not sufficient for ensuring software reliability.

The many benefits that APIs bring to the software and application development communities - namely, that they are well documented, publicly available, standard, ubiquitous, efficient, and easy to use - are now being leveraged by bad actors to execute high profile attacks against public-facing applications. The security conundrum for APIs is that whereas most practitioners would recommend design decisions that make resources more hidden and less available, successful deployment of APIs demands willingness to focus on making resources open and available.

Google this week announced expansions to the Advanced Protection Program, with the addition of Google Nest and support for more types of security keys for iOS users. Over the years, Google rolled out Advanced Protection Program features for many of its services, including GSuite, Google Cloud Platform, Chrome and, most recently, Android, and this week made it available for Google Nest as well, providing its users with an additional layer of security.