Security News > 2020 > July

RtBrick has extended its cloud-native approach to telco networks by offering two new APIs into its software. RtBrick is already known for pioneering a radical new approach to carrier networks, by disaggregating MPLS routing systems.

IronCore Labs, the data control and privacy platform, announced several new product features that build on the company's two core products: the Data Control Platform and SaaS Shield. The IronCore team recently launched the IronOxide Android SDK, which allows customers to integrate IronCore's privacy toolkit into Android applications to control sensitive data.

A notice emitted by the certificate biz explained that a number of its intermediate certificate authorities had issued EV certs to customers despite not being included in DigiCert's WebTrust audits - which goes against the rules for EV certs. "Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT.".

SANS and Elevate Security are partnering to shift the industry paradigm to solve for the human element, with a data-driven approach focused on provable outcomes. The partnership between SANS and Elevate Security combines the most trusted cybersecurity training provider with the most innovative technology, empowering security teams to reduce human risk and understand what interventions, training, and investments are yielding results.

Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. An offensive starts when an attacker registers a malicious app with an OAuth 2.0 provider, such as Microsoft's own Azure Active Directory.

This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. SANS dean of research Johannes Ullrich today said his honeypot, set up to detect exploitation attempts against bugs in F5's products, encountered attempts by someone to exploit a couple of the holes Citrix patched in its gear.

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems. While only 11% of the malware found on USB drives was specifically designed to target industrial systems - this represents a slight drop compared to the 14% identified in 2018 - 59% of the detected threats could cause significant disruption to industrial systems, compared to only 26% in 2018.

Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go. Now, Malwarebytes's Nathan Collier says that another phone model provided through the Lifeline Assistance program was found to include pre-installed malware: the ANS UL40 running Android 7.1.1.

Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky. Most of us at some point have likely tried to open a website only to discover that the site no longer exists, replaced by a landing page indicating that the domain has expired or is up for rewewal.

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. Some of the files offer insights into the police response to those protests, they said.