Security News > 2020 > July

"In an era where workplace stress, mental illness, mindfulness and work-life balance are matters of importance and interest, we sought to understand if the security profession was at risk of burning itself out," the report, Security Profession 2019/2020 [PDF], stated. Some 18 per cent said they had personally walked out of a role permanently because of burnout; 36 per cent professed to knowing someone that had left due to it; and another 25 per cent claimed they had considered it.

Google on Tuesday unveiled the first product in its Google Cloud Confidential Computing portfolio: Confidential VMs. Currently in beta for Google Compute Engine, Confidential VMs are designed to help organizations, particularly ones in regulated industries, protect sensitive data by providing memory encryption capabilities that can be leveraged to isolate cloud workloads. Confidential VMs leverage the Secure Encrypted Virtualization feature in 2nd Gen AMD EPYC processors to ensure that sensitive data remains encrypted at all times, including while it's used, queried or indexed.

Researchers have found 142 million personal details from former guests at the MGM Resorts hotels for sale on the Dark Web, evidence that a data leak from the hotel chain last summer may be far bigger in scope than previously thought. In the ad, the hacker makes a connection between the newly advertised credentials and a previously known leak of personal details of more than 10.6 million guests who had stayed at MGM Resorts.

Confidential computing encrypts data in use as it's being processed and keeps that data encrypted in memory and elsewhere outside the CPU. Google Cloud just launched a new technology that encrypts data while it's being processed: Confidential computing, which also keeps data encrypted in memory, as well as outside the central processing unit. Google Cloud users can now control the confidentiality of their data.

A top White House official said he expected President Trump to act firmly against the TikTok and WeChat social media apps, prompting an angry response from China on Monday. Trump last week had said he is considering banning the wildly popular TikTok app as a way to punish China over the coronavirus pandemic.

A critical vulnerability, carrying a severity score of 10 out of 10 on the CvSS bug-severity scale, has been disclosed for SAP customers. The bug has been named RECON by the Onapsis Research Labs researchers that found it, and it affects more than 40,000 SAP customers, they noted.

A four-rotor Enigma machine -- with rotors -- is up for auction....

A serious vulnerability that could impact thousands of organizations can allow hackers to take complete control of SAP systems. Onapsis says more than 40,000 SAP customers could be affected by the RECON bug and the cybersecurity firm estimates that there are at least 2,500 vulnerable systems that can be targeted directly from the internet, including in North America, Europe and the Asia-Pacific region.

SAP has issued patches to fix a critical vulnerability that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker. The flaw affects a variety of SAP business solutions, including SAP Enterprise Resource Planning, SAP Supply Chain Management, SAP HR Portal, and others.

Auctions platform LiveAuctioneers has revealed a data breach that likely impacted approximately 3.4 million of its users. "As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020," the online marketplace notes.