Security News > 2020 > October

QNAP today announced two vulnerabilities affecting QTS, the operating system powering its network-attached storage devices, that could allow running arbitrary commands. The network-attached storage device vendor does not provide too many details about the two issues but says that recent QTS releases include the necessary patches.

Cloud-first security firm Wandera reports that malicious network traffic is the highest cybersecurity risk for hospitals and other healthcare providers and affects 72% of all organizations. The new report, "Cybersecurity in the Healthcare Industry," ranked phishing and outdated operating systems as the other top risks.

A recent attack on Tyler Technologies, a software provider for local governments across the US, highlighted the concerns held across the nation and left many to wonder if the software providers in charge of presidential election data might suffer a similar fate. The best defense also integrates cybersecurity and data protection, as removing segmentation streamlines the process of detecting and responding to attacks, while simultaneously recovering systems and data.

The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. Using multiple application security scan types, working within smaller or more modern apps, and embedding security testing into the pipeline via an API all make a difference in reducing time to fix security defects, even in apps with a less than ideal "Nature."

Vulnerability management technology addresses the threat landscape, which is in a constant state of flux. The leading VM platforms provide a complete picture of a client's security posture, correlating the client organization's assets, classifying their importance with the vulnerabilities identified in the scan, and offering information for remediation.

One Identity released a global survey that reveals attitudes of IT and security teams regarding their responses to COVID-19-driven work environment changes. 99% of IT security professionals said their organizations transitioned to remote work because of COVID-19, and only a third described that transition as "Smooth." 62% of respondents indicated that cloud infrastructure is more important now than 12 months ago.

Despite Google's best efforts to keep Android users safe, malware does manage to slip into Google Play from time to time, and the 21 malicious apps that Avast identified recently are proof of that. The offending applications appear to have been downloaded roughly 8 million times before being discovered.

Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to Nokia. The report found that internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019.

GrammaTech announced CodeSentry, which performs binary software composition analysis to inventory third party code used in custom developed applications and detect vulnerabilities they may contain. CodeSentry identifies blind spots and allows security professionals to measure and manage risk quickly and easily throughout the software lifecycle.

Cyemptive Technologies cautioned entities to recognize the limitations of relying solely on detection based Artificial Intelligence for cyber protection and outlines the first reliable solution to address these limitations and provide actual preemptive cyber-attack prevention. According to Cyemptive, most companies have serious cyber problems even when deploying AI and behavioral detection technologies.