Security News > 2020 > October

Guidewire Software announced a new Remote Desktop Protocol, Exposure Signal, for its Guidewire Cyence for Cyber product. Cyberattacks against Internet-exposed RDP servers are surging, and Exposure Signal is designed to detect on-demand whether a company's RDP has been exposed to the internet and a potential cyberattack.

Privitar has announced a new integration with Collibra that combines data intelligence with privacy preservation to accelerate access to safe data. Through the API-based integration, users can democratize access to sensitive data across an organization.

CBTS announces its CBTS Microsoft Direct Route Services, which unify user communications and collaboration by connecting CBTS Cisco hosted voice solutions and legacy on-premises phone infrastructures to Microsoft Teams. "The ways organizations conduct business have changed with the steady rise of remote working, and that's only accelerated in 2020. Employees not only seek greater work-life balance, but it's a necessity during the pandemic, and technology needs to keep up," said Tony King, CBTS Chief Communications Architect.

Rockwell Automation announced that it has acquired Oylo, a privately-held industrial cybersecurity services provider based in Barcelona, Spain. Oylo is dedicated to providing a broad range of industrial control system cybersecurity services and solutions including assessments, turnkey implementations, managed services and incident response.

Eclypsium will use the new funding to scale the company, expanding sales, delivery, and R&D. Having grown annual recurring revenue over 2000% since its Series A funding, Eclypsium will continue expanding the capabilities of its device security platform to meet increased market demand. The sharp increase in the number of breaches and ransomware attacks through insecure device firmware has brought to light that most organizations cannot easily see which vulnerable devices they have in their environment or determine which devices have already been compromised.

Hitachi ID announced new executive leadership appointed to modernize how Hitachi ID delivers identity and access to Fortune 5000 companies around the world. With the rising cost of data breaches and interest in protecting its own environments globally, Hitachi, Ltd. completed acquisition of Hitachi ID in early 2020 and appointed Chief Executive Officer Kevin Nix to accelerate secure outcomes for customers against common digital identity and access vulnerabilities and threats.

The Fitbits on our wrists collect our health and fitness data; Apple promises privacy but lots of iPhone apps can still share our personal information; and who really knows what they're agreeing to when a website asks, "Do You Accept All Cookies?" Most people just click "OK" and hope for the best, says former Democratic presidential candidate Andrew Yang. "The amount of data we're giving up is unprecedented in human history," says Yang, who lives in New York but is helping lead the campaign for a data privacy initiative on California's Nov. 3 ballot.

Three immediate steps to take to protect your APIs from security risksUndermining the power of an API-driven development methodology are shadow, deprecated and non-conforming APIs that, when exposed to the public, introduce the risk of data loss, compromise or automated fraud. Nowadays, companies not only invest in IT security solutions, but also in the training of their employees with the goal of making them more conscious of security issues.

LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone's profile using just the victim's email address. French bug-finder Wassime Bouimadaghene spotted that when you go to the app's website and attempt to reset an account's password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details - and, crucially, that response contained a hidden token.

Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software. The Mountain View ads giant said it will hand folks each up to $5,000 in Google Compute Engine credits to conduct fuzzing tests on JS interpreters, earmarking $50,000 total for the program.