Security News > 2020 > October

We hear about some of them because security researchers tell us how they discovered them, pinpointed their owners and alerted them, but many others are found by attackers first. In the past two decades, he created the product security division at Progeny Linux Systems and worked as a manager of the Red Hat product security team and headed the security strategy in Red Hat's Platform Business Unit.

Vectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services in their attacks.

As evolution to the cloud is accelerated by digital transformation across industries, virtual appliance security has fallen behind, Orca Security reveals. The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems.

Microsoft has fixed nearly 90 vulnerabilities with its October 2020 Patch Tuesday updates and while none of them has been exploited in attacks, several of the flaws were publicly disclosed before the patches were released. The publicly disclosed vulnerabilities have been classified as important severity and their exploitation can lead to information disclosure or privilege escalation.

Organizations are struggling to keep up with IT security and privacy compliance regulations, according to a Telos survey. The survey, which polled 300 IT security professionals in July and August 2020, revealed that, on average, organizations must comply with 13 different IT security and/or privacy regulations and spend $3.5 million annually on compliance activities, with compliance audits consuming 58 working days each quarter.

MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security solution instances across their client base. According to a recent , multitenant platforms allow MSSPs to scale their business with far fewer resources while improving their security posture by consolidating all operations oversight and management into a single, unified platform.

IoT, authentication and cloud, top drivers in PKI usage growth. PKI usage surging for cloud and authentication use cases.

Cyborg Security announced a new threat hunting content platform that will help businesses grapple with the exponential rise in cyber threats that strike their IT assets and maximize the value of their existing security controls. Cyborg Security's HUNTR platform has been developed by a world class team of threat hunting experts to deliver advanced threat hunting and detection content, empowering organizations to move beyond reactive security, to proactive threat hunting.

Booz Allen Hamilton announced the availability of SnapAttack-a cloud-based software solution that brings together actionable threat intelligence and hacker detection. By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

Shujinko launched AuditX, a SaaS platform that simplifies, automates and modernizes the enterprise cloud security compliance audit process to make it up to 3x faster and dramatically simpler. Simultaneously, the company announced its Automated Evidence Collection Engine, the industry's first platform for automatically orchestrating, collecting and transforming compliance evidence directly from public cloud platforms and other SaaS systems.