Security News > 2020 > August

Maximizing data privacy should be on every organization's priority list. We all know how important it is to keep data and applications secure, but what happens when access to private data is needed to save lives? Should privacy be sacrificed? Does it need to be?

Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. The research sheds light on how AppSec practices and tools are intersecting with emerging development methods and creating new priorities such as reducing open source risk and API testing.

This is according to C-Level IT and security execs at global businesses, 64% of which believe their organization is more likely to experience a data breach due to COVID-19. "As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. It's been a moment of reckoning: use the creativity and power of hackers to harden software and prevent malicious activities."

New research disclosed a string of severe security vulnerabilities in the 'Find My Mobile'-an Android app that comes pre-installed on most Samsung smartphones-that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data stored on the phone. Portugal-based cybersecurity services provider Char49 revealed its findings on Samsung's Find My Mobile Android app at the DEF CON conference last week and shared details with the Hacker News.

A malicious actor was at one point in control of roughly 23% of the entire Tor network's exit capacity, a security researcher has discovered. While malicious relays on the Tor network are not something new, this was the first time that a single actor managed to control such a large number of Tor exit nodes, a Tor server operator going by the name of Nusenu reveals.

There are unrealized gaps between the rate of implementation or operation and the effective use of cloud security access brokers within the enterprise, according to a global Cloud Security Alliance survey of more than 200 IT and security professionals from a variety of organization sizes and locations. "CASB solutions have been underutilized on all the pillars but in particular on the compliance, data security, and threat protection capabilities within the service," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.

Productivity can be maintained surprisingly well in a virtual or hybrid workplaces, according to BCG. Employees are open to hybrid workplaces. As working methods become increasingly remote or hybrid in the wake of the COVID-19 pandemic, a key question for companies is how to maintain and improve this productivity in the workplace of the future.

RSA announced the availability of RSA SecurID Access offerings that are designed to support organizations struggling to protect and optimize their workforces in this challenging environment. RSA SecurID Access minimizes identity risk with a unique hybrid model that now integrates all of the on-premises and cloud components into a unified solution, making it faster and easier for on-prem customers to connect to the cloud.

To ensure cybersecurity administration is easier and more accessible, SonicWall announced new zero touch-enabled, multi-gigabit SonicWall TZ firewalls with SD-Branch capabilities, along with a redesigned cloud-native management console that helps streamline operations through fresh and modern user interfaces. "SonicWall's new SD-Branch ready next-generation firewalls, along with re-engineered SonicOS, provide multi-gig malware inspection for increased security needs and advanced protection against threats hiding in the encrypted TLS 1.3 traffic."

Rather than focusing on time-consuming and frustrating security bottlenecks and interruptions to writing code, developers can focus on creating innovative and secure applications. Community Edition offers near full access to Contrast's products, with developers receiving interactive application security testing, software composition analysis, and runtime application self-protection solutions-all for free.