Security News > 2020 > June

Redmond is bulking up the security around its AzureStack hardware-to-cloud bundle by acquiring infosec firm CyberX. Microsoft says the newly-integrated security house will be used to help secure industrial gear and other Internet-of-Things devices running under AzureStack, giving companies more reason to buy into the ground-up pitch from Microsoft. "Microsoft will now provide a simpler approach to unified security governance across both IT and industrial networks, as well as end-to-end security across managed and unmanaged IoT devices, enabling organizations to quickly detect and respond to advanced threats in converged networks," Redmond boasted.

A desire to remain compliant with the European Union's General Data Protection Regulation and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. At the same time, new technologies are applying artificial intelligence and machine learning to solve HR problems like analyzing employee data to help with hiring, completing performance reviews or tracking employee engagement.

New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, according to Snyk. Across the six popular ecosystems the report examined, there were fewer new vulnerabilities reported in 2019 than in 2018 - a promising finding - but there are still significant improvements to strive for with slightly less than two thirds of vulnerabilities still taking more than 20 days to remediate.

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud-one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service attacks, Palo Alto Networks reports. The malware enables itself with debug privilege and begins operation by launching several threads.

There's a massive amount of complexity plaguing today's enterprise endpoint environments. The number of agents piling up on enterprise endpoint devices - up on average - is hindering IT and security's ability to maintain foundational security hygiene practices, such as patching critical vulnerabilities, which may actually weaken endpoint security defenses, Absolute reveals.

Fake reviews are a significant threat for online review portals and product search engines given the potential for damage to consumer trust. "We find consumers have more trust in the information provided by review portals that display fraudulent reviews alongside nonfraudulent reviews, as opposed to the common practice of censoring suspected fraudulent reviews," said Beibei Li of Carnegie Mellon University.

5G progress in connections and deployments continues despite the COVID-19 pandemic and resulting economic downturn according to 5G Americas. Chris Pearson, President, 5G Americas said, "Globally, 5G remains the fast-growing generation of wireless cellular technology ever, even as the world is gripped with a pandemic. In North America, we are seeing consistent, strong uptake of new 5G subscribers as new devices have been released that can take advantage of low-band and millimeter wave frequencies. At the same time, new network capabilities are being added."

Global consulting firm Protiviti has launched a Navigating Business Resilience tool to help companies take a rapid approach to addressing the unprecedented challenges they are facing due to COVID-19-related disruptions, workplace re-entry and business transformation. The complimentary assessment tool helps business leaders quickly identify and prioritize their organization's unique pain points, threats and vulnerabilities across their core functions, and then creates an agile operating model, with an immediate triage heatmap of priorities and a recommended suite of practical tools and processes to best position their organization for competitive advantage after the crisis.

Futurex's VirtuCrypt financial cloud HSM service supports financial services organizations' critical payment systems cryptography and key management needs in the cloud. VirtuCrypt cloud HSMs are the industry's first financial cloud cryptographic solution with native Amazon Web Services support.