Security News > 2020 > September

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. "While we cannot see what Palmerworm is exfiltrating from these victims, the group is considered an espionage group and its likely motivation is considered to be stealing information from targeted companies," the cybersecurity firm said.

It's based on the Electron framework, which allows developers to create cross-platform desktop apps using JavaScript, Node.js, and other web technologies. Many of the recent security improvements in Electron involve new APIs and best practices to keep Electron's main process and its access to the Node.js APIs isolated from Electron's rendering process, which runs web code.

Seasoned cybersecurity pros will be familiar with MITRE. Known for its MITRE ATT&CK framework, MITRE helps develop threat models and defensive methodologies for both the private and public sector cybersecurity communities. MITRE recently added to their portfolio and released MITRE Shield, an active defense knowledge base that captures and organizes security techniques in a way that is complementary to the mitigations featured in MITRE ATT&CK. The MITRE Shield framework focuses on active defense and adversary engagement, which takes the passivity out of network defense.

Nowadays, companies not only invest in IT security solutions, but also in the training of their employees with the goal of making them more conscious of security issues. Security awareness covers various training measures which sensitize a company's employees to IT security issues.

"The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue," stated Richard Hummel, threat intelligence lead, Netscout. More than 929,000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month.

All 100 apps were analyzed using an array of static application security testing and dynamic application security testing techniques based on the OWASP mobile app security guidelines. The vast majority of medical apps have mishandled and/or weak encryption that puts them at risk for data exposure and IP theft.

We managed threats, not devices like managed security service providers, but no category existed. In response, the first MDR market guide contained a baker's generous dozen of vendors with varying services.

With advancements across the VMware networking and security portfolio, customers will be able to more effectively manage the rapid shift to remote work, deliver traditional and modern applications faster and more securely, and reduce the cost and complexity of connecting and protecting the distributed enterprise. "The VMware Virtual Cloud Network delivers the automation and economics of the public cloud across every element of the network and spanning the entire distributed enterprise at a time when agility and cost matter more than ever."

SecureCloud addresses a daunting challenge for business, DevOps, and security leaders: rapid deployment of applications and services to customers - without sacrificing security measures or privacy protections. "We greatly benefited from Anitian's Compliance Automation Platform to migrate our application to the AWS cloud and achieve our FedRAMP authorization," said Ignacio Martinez, vice president of security, risk, and compliance for Smartsheet.

CyberSaint announced the availability of new features supporting the Financial Services Sector Cybersecurity Profile within the CyberStrong platform, including automated mappings between those standards and the NIST Cybersecurity Framework, FFIEC, and others. CyberSaint's CyberStrong platform supports various risk and compliance program use cases, allowing customers to build cybersecurity resilience from assessment to boardroom.