Security News > 2020 > August

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada. "The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

Fortinet announced the FortiGate 4400F, a hyperscale firewall, setting new milestones for Security Compute Ratings to deliver performance, scalability and security in a single appliance to meet escalating business needs. FortiGate 4400F is powered by Fortinet's latest seventh generation network processor to offer hardware-acceleration, making it the only network firewall that is fast enough to secure hyperscale data centers and 5G networks.

Social media used as a cudgel for nation-states to sway opinion is a cybersecurity threat CISOs can't ignore - and need to understand better and mitigate against. During a keynote address at Black Hat on Thursday entitled "Hacking Public Opinion," she said threat actors are fine-tuning these attacks.

Windstream Enterprise released a new security feature to protect businesses from increasingly sophisticated threats to their network and their data. Offered as part of its managed SD-WAN service, Windstream Enterprise's new Virtual Network Function Next-Generation Firewall gives businesses peace of mind that their networks are safe from attacks, out to the network edge, while also reducing the complexity associated with implementing a large-scale network security solution.

With the Diffusion Kafka Adapter, organizations can now securely extend Kafka solutions over the Internet, streaming real-time data to millions of end-user applications. The new Diffusion Kafka Adapter is fully hosted within the Diffusion Cloud infrastructure with an easy-to-configure user interface, for seamless integration with Kafka brokers.

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory - such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses.

SimIQ has been developed to meet the growing need to test GNSS capabilities earlier to accelerate product development, while simultaneously reducing costs by identifying issues prior to the purchase of hardware components. For developers using Spirent's market-leading GSS7000 and GSS9000 simulators, SimIQ extends multi-frequency, multi-constellation simulation capabilities to cover software-only testing needs through the capture and replay of high fidelity I/Q data files.

HPE announced plans to partner with SAP to deliver the customer edition of SAP HANA Enterprise Cloud with HPE GreenLake, as a fully managed service at the edge, in the customer's data center or colocation facility of their choice. HPE GreenLake's robust cloud services and compliance analytics tools will enable SAP to offer on-premise white-glove operations and application management services that SAP HANA Enterprise Cloud is known for at the customer's location of choice.

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD - previously believed to be unaffected.

Balbix announced a global cloud distribution agreement with Ingram Micro that brings its award-winning Balbix BreachControl solution to the Ingram Micro Cloud Marketplace, a marketplace of cloud solutions and services for the channel. Balbix's BreachControl™ Platform is now available on the Ingram Micro Cloud Marketplace, initially for channel partners in the United States.