Security News > 2020 > October

Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object ownership onto the bucket owner. "With the proper permissions in place, S3 already allows multiple AWS accounts to upload objects to the same bucket, with each account retaining ownership and control over the objects. This many-to-one upload model can be handy when using a bucket as a data lake or another type of data repository. Internal teams or external partners can all contribute to the creation of large-scale centralized resources," explained Jeff Barr, Chief Evangelist for AWS. But with this set up, the bucket owner doesn't have full control over the objects in the bucket and therefore cannot use bucket policies to share and manage objects.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability in Windows Server, Microsoft warns. According to Microsoft, one of the latest changes in the group's tactics is the adoption of exploits for Zerologon, a Netlogon remote protocol vulnerability that was addressed in August 2020.

Former Vice President Cheney, for example, had the wireless capabilities of a defibrillator disabled when implanted near his heart in 2007, and hospital IT departments and health providers have for years secured medical devices to protect patient data and meet HIPAA requirements. On top of this, millions of additional connected devices are maintained by the patients themselves.

Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies, more detailed processes, comprehensive education and specialized skills, a research from CompTIA finds. At the same time, many companies acknowledge that there is still more to do to make their security posture even more robust.

The importance of monitoring is often left out of discussions about DevOps, but a Gartner report shows how it can lead to superior customer experiences. Automate the transmission of embedded monitoring results between monitoring and deployment tools to improve application deployments.

The United Nations' International Maritime Organization last week said some of its systems were disrupted as a result of a cyberattack. IMO's website and other web services were first disrupted on September 30, when the agency announced on Twitter that its team was working on fixing some "Technical issues." Then, on October 2, it admitted that the problems were caused by a cyberattack, and said that it was working on restoring impacted systems.

The report notes that while organizations are more ethically aware, progress in implementing ethical AI has been inconsistent. The progress on "Fairness" and "Auditability" dimensions of ethical AI has been non-existent, while transparency has dropped from 73% to 59%, despite the fact that 58% of businesses say they have been building awareness amongst employees about issues that can result from the use of AI. The research also reveals that 70% of customers want a clear explanation of results and expect organizations to provide AI interactions that are transparent and fair.

66 percent of consumers surveyed either don't use any type of password manager or aren't sure if they do, despite 52 percent of them having concerns about becoming victims of ATO in the future, and 25 percent reporting that they have already had their accounts hacked at least once before. Additional findings Attacks are fueled by automation: Between Q2 2019 and Q2 2020, ATO attacks happened in discrete waves about a week apart, indicating that fraudsters are turning to bots and automation in order to overwhelm trust & safety teams.

Two US government tentacles this week snared John McAfee, accusing the one-time antivirus mogul of tax evasion and breaking securities law. McAfee was cuffed in Spain, and is awaiting extradition to the US. McAfee is set to face trial on ten criminal charges of tax evasion and willful failure to file tax returns, brought by the Dept of Justice.