NSA warns that mobile device location services constantly compromise snoops and soldiers
2020-08-05 07:29

The United States National Security Agency has issued new advice on securing mobile devices that says location services create a security risk for staff who work in defence or national security. The new guide [PDF], titled "Limiting Location Data Exposure", notes that smartphones, tablets and fitness trackers "store and share device geolocation data by design."

China slams President Trump's TikTok banned-or-be-bought plan in the US
2020-08-05 06:27

China has accused the US of abusing its national security laws to target Chinese companies after Washington threatened to ban video-sharing app TikTok from its shores last week. On Saturday, the Trump administration vowed to "close down" the Chinese-owned video-sharing app unless it is bought by a "very American" company within 45 days.

BluBracket updates Code Security Suite, adds stolen and leaked code detection
2020-08-05 05:50

BluBracket introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories. Code proliferation represents a significant threat to companies today, not just in the loss of intellectual property, but also in the risks code poses to general enterprise security.

Engaging business units in security governance: Why everyone should be concerned
2020-08-05 05:18

As enterprises look to combine the speed of software delivery with both cybersecurity and business value, they need to incorporate the idea that business is everyone's business too. The first involves business executives who recognize the importance of security and privacy, but who are focused on delivering value to customers.

Security analysis of legacy programming environments reveals critical flaws
2020-08-05 05:00

Conducted jointly with Politecnico di Milano, the research details how design flaws in legacy programming languages could lead to vulnerable automation programs. Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind.

As personal use of managed devices becomes ubiquitous, risks increase
2020-08-05 04:30

Based on anonymized data from millions of global users, the report found there was a 148% rise in remote workers due to the COVID-19 pandemic, which resulted in a 161% increase in visits to high-risk apps and websites, as personal use of managed devices nearly doubled. "While many companies rose to the challenge to embrace cloud-based collaboration tools, we also found increased risk as employees used work devices for personal reasons. Organizations must tackle this problem head-on by prioritizing threat protection and ensuring safe cloud and web access through methods like strong authentication and access controls, data and threat protection, as well as zero-trust network access to private apps in data centers and public cloud services. Enacting measures like this will reduce exposure of apps, cloud-enabled threats, unintentional data movement, and limit network lateral movement."

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
2020-08-05 04:28

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of the TouchID biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins.

Many companies have not taken basic steps to protect their remote workforce
2020-08-05 04:00

New research shows almost three quarters of large businesses believe remote working policies introduced to help stop the spread of COVID-19 are making their companies more vulnerable to cyberattacks. You need to take steps to protect the remote workforce.

Ways AI could be used to facilitate crime over the next 15 years
2020-08-05 03:30

Fake audio or video content has been ranked by experts as the most worrying use of artificial intelligence in terms of its potential applications for crime or terrorism, according to a new UCL report. The study identified 20 ways AI could be used to facilitate crime over the next 15 years.

Case Study: How Incident Response Companies Choose IR Tools
2020-08-05 03:20

Many companies today have developed a Cybersecurity Incident Response plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner.