Security News > 2020 > August

Despite the pandemic, companies are obligated to comply with many laws governing data security and privacy, including the two most familiar to consumers - the European Union's General Data Protection Regulation and the California Consumer Privacy Act. Like GDPR before it, CCPA makes data security and regulatory compliance more of a challenge and requires businesses to create a number of new processes to fully understand what data they have stored in their networks, who has access to it, and how to protect it.

Even if people are the element most susceptible to phishing attempts, or the link most likely to be negligent in security practices, it becomes incredibly difficult to foster a culture of security awareness if we demoralize or denigrate the individuals we need to help drive our security priorities. How does a security team avoid disempowering fellow employees? The solution is quite simple: be aware of the words and phrases you use to describe the people of the PPT model.

Three Purdue University researchers and their teammates at the University of California, Santa Barbara and Swiss Federal Institute of Technology Lausanne have received a DARPA grant to fund research that will improve the process of patching code in vulnerable embedded systems. "Many embedded systems, like computer systems running in trucks, airplanes and medical devices, run old code for which the source code and the original compilation toolchain are unavailable," Antonio Bianchi, assistant professor of computer science at Purdue University said.

Fraudsters are decreasing their schemes against businesses, but increasing COVID-19 focused scams against consumers online, according to TransUnion. The percent of suspected fraudulent digital transactions against businesses worldwide decreased 9% from the beginning of the pandemic to when businesses began reopening.

Turkey's coronavirus tracking app is facing fire from privacy advocates for adding a feature allowing users to report social distancing rule violations, with the option to send photos. In April, the health ministry launched a phone app called "Hayat Eve Sigar" that helps people monitor confirmed virus cases, showing the risk levels and infection rates in specific neighbourhoods.

Although 97% of organizations said that Active Directory is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals. Exactly 33% of organizations said they have an AD cyber disaster recovery plan but never tested it, while 21% have no plan in place at all.

Computer scientists have developed a new artificial intelligence system that may be able to identify malicious codes that hijack supercomputers to mine for cryptocurrency such as Bitcoin and Monero. "Based on recent computer break-ins in Europe and elsewhere, this type of software watchdog will soon be crucial to prevent cryptocurrency miners from hacking into high-performance computing facilities and stealing precious computing resources," said Gopinath Chennupati, a researcher at Los Alamos National Laboratory and co-author of a new paper in the journal IEEE Access.

Amazon Web Services, an Amazon Company, announced general availability of io2, the next generation Provisioned IOPS SSD volumes for Amazon Elastic Block Store. Io2 volumes are priced the same as io1 volumes, keeping the same predictable cost for EBS customers, but now support 10x higher IOPS-to-storage ratio and up to 500 IOPS for every provisioned GB, so that customers can get more performance without increasing their storage spend.

PCTEL introduced its new low-profile vertical antenna for 5G FR1 wireless networks, covering 600 MHz to 6 GHz frequencies. The BMLPV5000 supports the high-speed requirements of complex RF communication systems required for 5G FR1 network deployments in smart city applications, including machine-to-machine communication, transportation network infrastructure, smart energy networks, and small cells installations.

"With AWS Control Tower, it only takes a few clicks for enterprise organizations to provision new AWS accounts that conform to company-wide policies," said Chris Grusz, Director, AWS Marketplace, Amazon Web Services, Inc. "The Aviatrix cloud networking solution uniquely offers a network factory for AWS Control Tower. With AWS Control Tower account factory ensuring account control governance, customers will benefit from Aviatrix's new capabilities that make certain the network infrastructure supporting those accounts is secure and correctly deployed every time." AWS Service Catalog enables organizations to create and manage catalogs of approved IT services for use on AWS. The Aviatrix cloud network platform provides the prescriptive transit network architecture and operational visibility that meets enterprise cloud networking and security requirements.