Security News > 2020 > September

A man from India has pleaded guilty to his role in a scheme that tried to embezzle about $600,000 from seven people over the age of 65 in the U.S., federal prosecutors say. Chirag Sachdeva, 30, participated in a telemarketing scheme that offered victims computer protection services after misleading them into believing that malware had been detected on their computers, according to a statement from the U.S. attorney's office in Rhode Island.

Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique that involves entering random, unexpected, malformed and/or invalid data into a computer program.

Devo Technology, a company that provides data analytics and security solutions, announced on Tuesday that it has raised another $60 million and that Marc van Zadelhoff has been appointed its chief executive officer. The $60 million that Devo raised in this Series D round brings the total secured by the company to $131 million.

Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data. "Successful exploitation of these vulnerabilities could result in unauthorized access, interrupted monitoring, and collection of access information and/or patient data," CISA says.

The U.K.'s National Cyber Security Center has released a guide to help organizations get started with implementing a vulnerability disclosure process. A well-defined vulnerability disclosure program, NCSC argues, prevents reputational damage that public disclosure may cause, and allows companies not only to establish a way to take action on the identified vulnerabilities, but also to inform the reporting entity that the issue is being managed.

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. The tool Microsoft has released is called "OneFuzz", and the company says: "The testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world."

Bruce Schneier coined the phrase security theater to describe "Security measures that make people feel more secure without doing anything to actually improve their security." That's the situation we still face today when it comes to defending against cyber security risks. Broaching a concern such as security theater with security professionals can result in defensiveness or ire from disturbing a well-established process, or worse, practitioners assuming there is some implied level of foolishness or ineptitude.

Californians regularly opt out of companies selling their personal information, with "do-not-sell" being the most common CCPA right exercised, invoked nearly 50% of the time, ahead of access and deletion requests, DataGrail's Mid-Year CCPA Trends Report shows. Do-not-sell requests are almost 50% of all DSRs. When CCPA went into effect in January 2020, DataGrail saw people exercise their rights immediately, with a surge of data subject requests going across its platform in January 2020.

Keepnet Labs has revealed the departments and sectors most vulnerable to phishing attacks, based on a data set of 410 thousand phishing emails, covering a period of one year. Accordingly, 90% of successful cyber attacks occur through email-based attacks.

In the amicus brief it filed, Voatz suggests that only authorized security research should be considered lawful, but not independent security research, even if in good faith. "It is clear security research has tangibly improved the safety and security of systems we depend upon. It is not a given that this vital security work will continue. A broad interpretation of the CFAA would magnify existing chilling effects, even when there exists a societal obligation to perform such research," the letter reads.