Security News > 2020 > July

IOTAS, a provider of smart property solutions, including Prospect Tour, a self-guided touring feature that makes it easier and safer to show and fill vacant units, and its Board of Directors announced that Laura Lang, the former CEO of Time and Digitas, will be joining the IOTAS Board. "IOTAS has an exciting product suite in smart property solutions. The industry is at the beginning of this digital transformation and IOTAS is brilliantly positioned to lead in the space. I am looking forward to working with the management team and board to help scale such a strong customer driven management team and product offering."

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw, which ranks 8.1 out of 10.0 on the CVSS scale, stems from use of weak entropy generation for session identifier values, a Wednesday Cisco security advisory said.

A venerable point-of-sale malware called Alina that's been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System tunneling. Researchers at Black Lotus Labs spotted a still-ongoing campaign that began in April, in which cyberattackers employed Alina to siphon off payment-card information, then used DNS to exfiltrate it.

Identity governance and lifecycle have always been fundamental to controlling user access and visibility into access activity in the workplace. Identity governance suddenly isn't just about who has access to what; it's about where, how and why they have access.

The new malware sample discovered this week, dubbed EvilQuest by security researchers, may be ushering in a new class of Mac malware, according to Thomas Reed, director of Mac and mobile with Malwarebytes. We're chatting today about Mac threats and one particular Mac targeting malware that was discovered just this week.

Technology companies continue to see customer interest in cybersecurity, cloud computing and other areas, perhaps indicating that the business environment is stabilizing, according to a new survey by CompTIA, a nonprofit trade association for the global tech industry. Among US companies surveyed 44% have applied for a Payment Protection Program loan from the Small Business Administration.

Establishing a clear communication strategy is a must for any incident response policy. Jerry Ray, chief operations officer at SecureAge, said incident response plans need to take into account how to allocate resources depending on the criticality of the infrastructure components affected by the breach.

Microsoft has just released emergency patches for two critical security holes in the Windows Codecs Library. The security challenge here is that the -dec part of any codec - for example, the software that converts JPG files that are downloaded as part of a web page so your browser can display them - can't blindly assume that the co- part of the process was trustworthy.

Google this week shared details on how it is fighting memory bugs in Android 11, as well as on other security improvements that the upcoming platform version will deliver. One of the main improvements in the new operating system iteration is related to initialization of memory, which is expected to eliminate an entire class of issues that occur in C/C++: uninitialized memory bugs.

Despite the well-documented increase in attacks against the healthcare industry during the COVID-19 pandemic, the industry is largely coping well against the cyber criminals. "Data smuggling behaviors," notes Vectra in its 2020 Spotlight Report on Healthcare, "Can occur when patient medical records are transferred to cloud storage offerings like Microsoft OneDrive, which is a common requirement for collaborating healthcare professionals."