Security News > 2020 > August

"While the adoption of cloud native infrastructure such as containers, serverless, and servicemesh is fueling innovation, misconfigurations are becoming commonplace and creating serious risk exposure for organizations," said Om Moolchandani, CTO, Accurics. "As cloud infrastructure becomes increasingly programmable, we believe that the most effective defense is to codify security into development pipelines and enforce it throughout the lifecycle of the infrastructure. The receptiveness of the developer community toward assuming more security responsibility has been encouraging and a step in the right direction."

Four in five workers report always following their company's IT policy, meaning that just 20% of workers are driving all shadow IT activity in the enterprise. "Most of us follow the rules, but a small group of employees trying to get more done circumvent policies and create openings for credential attacks. They're sometimes enabled by IT workers who empathize with their pursuit of productivity."

US secretary of state Mike Pompeo has announced a "Clean Network plan" he says offers a "Comprehensive approach to guarding our citizens' privacy and our companies' most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party." Clean Carrier: To ensure untrusted People's Republic of China carriers are not connected with US telecommunications networks.

Malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink. Overall, malware attacks utilizing machine identities grew eightfold over the last 10 years and increased more rapidly in the second half of the decade.

In one four-month period some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs - all related to COVID-19 - were detected by one of INTERPOL's private sector partners. "Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19," said Jürgen Stock, INTERPOL Secretary General.

Challenging times call for exceptional measures, and² is committed to helping you keep your CISSP certification goals on track this year. is bringing back special pricing on flexible CISSP exam prep so you can keep moving forward with full freedom and confidence.

Canon pulled the plug on service, and restored it days later, on Tuesday, August 4 when the data-gobbling glitch was fixed, we're told. According to Bleeping Computer, Canon was hit by a Maze ransomware infection.

Known as SAFE Phish, it's designed to let security teams create training exercises using real-life, de-weaponized campaigns that target their organizations and employees. "With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponized phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk. Our research has shown that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. We're very excited about how SAFE Phish simulations can further help increase the impact of our security awareness solution."

U.S. Secretary of State Mike Pompeo on Wednesday called for a big expansion of U.S. government curbs on Chinese technology, saying that it wants to see "Untrusted Chinese apps" pulled from the Google and Apple app stores. Pompeo called out popular video app TikTok and the messaging app WeChat, which people in the U.S. use to communicate with others in the U.S. and China, as "Significant threats to the personal data of American citizens, not to mention tools for CCP content censorship." CCP refers to the Chinese Communist Party.

Verimatrix announced new protection for Bitcode-enabled iOS applications. Publishing an app to Apple's App Store with Bitcode enabled allows Apple to optimize the app's code for each target device.