Security News > 2020 > August

BeyondEdge announced its CEO has been named to the Board of Directors for Building Cyber Security, the leading non-profit organization focused on improving and advancing the physical information and operational technology systems security, safety, and privacy in both the public and private sector. "Leading BeyondEdge for the past ten years, a company with a history of innovation and industry firsts, we selected Amir for his reputation in staying ahead of market needs by focusing on software and automation to deliver highly-available and secure access to technology solutions in the public and private sectors," said Jason Lund, CEO of Building Cyber Security.

The MITRE Corporation has taken the wraps off a knowledge base of common techniques and tactics that defenders can use to ensure their networks and assets are kept secure. Called MITRE Shield, the publicly available, free resource is aimed at cyber-experts looking to engage an active cyber defense and, similarly with MITRE ATT&CK, presents a series of active defense concepts.

A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services. In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has published details on its strategy for the secure deployment of 5G networks within the country. Last year, over 30 countries developed The Prague Proposals, a document that identifies recommendations on 5G roll-out, which the US used to develop the National Strategy to Secure 5G, a document that details the manner in which the U.S. will secure 5G infrastructure domestically and abroad. CISA's own 5G strategy aligns with this document, providing information on five strategic initiatives aimed at ensuring that secure and resilient 5G infrastructure is being deployed.

As first reported by Ars Technica, Bridgefy was promoting itself earlier this year as the app of choice for protesters in Hong Kong and India to organise their activities without being easily spied upon by law enforcement agencies. The app uses both the internet and Bluetooth Low Energy for passing messages between users, falling back to the latter as a mesh network if wider internet connectivity is unavailable.

Microsoft informed administrators on Monday that Application Guard for Office, a feature designed to protect users against malicious documents, is now available in public preview. Application Guard for Office has been available in private preview.

A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers. The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year.

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.

While their associated capabilities and information can give organizations a competitive advantage, these ever-evolving technologies can also expose critical infrastructure sectors to new threats that require cybersecurity mitigation measures. During the same time frame of roughly a decade, we've observed that in the absence of a regulatory baseline being established, organizations of nonregulated sectors frequently see cybersecurity purely as a cost or perhaps even a surcharge.

Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos' researchers warn. The cloud-based system on a chip platform was designed for Internet of Things security, and is comprised of a hardware platform, Azure Sphere OS, and the Azure Sphere Security Service.