Security News > 2020 > October

In its report, "The Future Enterprise: The Next Normal Priorities Driving Technology Investments," IDC found that largely due to cloud and remote work support, actual market performance, especially in the US, has been stronger than survey and market indicators had previously predicted. A stronger PC volume and focus on security were strengthened thanks to stabilized cloud and digital services driven by service-provider investments.

"BlackBerry has always been known for our strong strategy," chief exec John Chen told the BlackBerry Security Summit earlier this week - just as a well-read investment blog concluded that "Without a meaningful shift, this company will probably keep on struggling". This was followed by pulling the sheets off its Unified Endpoint Security Solution for AI-powered Cybersecurity, claiming it "Delivers security and Zero Trust with a zero touch end-user experience through a single console and offers the end-to-end solution with the broadest set of AI-based security capabilities and visibility across mobile, desktop, apps and people."

Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note. Roid ransomware typically allows cybercriminals to make a profit not by encrypting files - such as in the case of ransomware targeting desktop systems - but by displaying a full-screen ransom note that is difficult for the user to remove.

A computer hacker who gave the Islamic State group personal data of more than 1,300 U.S. government and military personnel will remain in a federal prison after a judge rejected his request for compassionate release. He is currently held at a federal prison in Lewisburg, Pennsylvania, and is scheduled for release in 2032 if he gets credit for good behavior.

A new report from data protection provider Infrascale discusses how ransomware and other cyberattacks can harm SMBs and how they can better protect their critical data in the event of an attack. Data protection is designed to defend data against both internal and external threats, including data corruption, server crashes, human error, malicious attacks, and even natural disasters.

Microsoft is rolling out a new feature in Microsoft Edge that integrates Skype's Meet now video conferencing feature on the new tab page, also known as NTP. With this new feature, Microsoft aims to help consumers relying on video conferencing to get in touch with coworkers, friends, and relatives without creating a Skype or Microsoft account. Last month, Microsoft added the Skype Meet feature to Windows 10 preview builds and the same feature is now rolling out to Microsoft Edge.

Cisco has issued patches for high-severity vulnerabilities plaguing its popular Webex video-conferencing system, its video surveillance IP cameras and its Identity Services Engine network administration product. Overall, Cisco on Wednesday issued the three high-severity flaws along with 11 medium-severity vulnerabilities.

In the case of HEH, the P2P module itself includes three components, starting with one that pings for all other nodes in the botnet at 0.1-second intervals and waits for a pong back; and one that updates the node with the latest peer addresses. For the former, "The UDP service port of HEH botnet is not fixed, nor is it randomly generated, but is calculated based on [the] peer's own public network IP," explained the firm.

There has long been a tension between our willingness to give up personal information, security and privacy and our desire for convenience. How the security community and policymakers react to this shift will determine whether this expanded concept of PII is simply enabling new forms of consumer convenience, or something more dystopian.

Criminals who figure out how to commandeer a vulnerable device inside your network can use that device to map out, scan and attack your laptop - the one you're using right now to work from home - as if they were right there beside you. These give crooks a way to create secret, encrypted network "Tunnels" into and out of your network using software that's already there.