Security News > 2020 > November

Autonomous identity is no longer a far-out destination; it's just up ahead. SailPoint announced a series of planned updates to its SaaS identity platform to enable enterprises to automate important identity processes that match the speed and pace of today's dynamic business environment. The new features, which include role insights and access request recommendations, leverage machine learning algorithms to deliver on the SailPoint Predictive Identity vision.

Action1 announced that Action1 service is now free, without any functionality limitations, for up to 10 endpoints. The cloud service allows to implement remote support of at-home employees and enforce the same IT security standards as in office-based environments.

Cellusys pioneers the use of zero trust security to help their 800 million mobile phone end users combat SMS phishing and fraud. Cellusys has partnered with internet security firm MetaCert to provide an SMS security solution, using zero trust methodology to combat cyberattacks such as phishing, malware and financial fraud.

Sectigo and Green Hills Software announce a global reseller agreement. The agreement enables Green Hills Software to offer Sectigo's Icon LabsTM Embedded Firewall, integrated and optimized for use with Green Hills Software's INTEGRITY real-time operating system and its embedded high-performance TCP/IP v4/v6 host and router networking stack.

Brovko was tasked with sifting through the logs of these botnets for internet banking credentials vacuumed by the malware, which were subsequently used by fellow conspirators to steal millions of dollars from Americans' accounts in fraudulent transfers. "Where his computer code could not effectively parse the data, Brovko supplemented his computer-automated efforts with manual searches of the data," his indictment [PDF] noted.

2020 has been a year of incredible uncertainty and upheaval, which for security professionals inevitably means threats have multiplied right across the enterprise. This in no way means the ongoing threat to Industrial Control Systems has diminished.

Threat actors found success infecting businesses with ransomware and stealing company data, turning those ransomware attacks into data breaches. "The seemingly crazy predictions of the past around the cost of ransomware attacks on the healthcare industry stand to be proven true in 2021. We've seen a substantial rise in ransomware since the onset of COVID, and as the space race 2.0 continues, so will the prevalence of attacks," said John Ford, IronNet cyber strategist and former healthcare CISO. With countries all around the world hunting for a COVID vaccine there will be more nation-state attacks leveraging ransomware and an increase in cloud-based ransomware attacks as healthcare systems expedite their transition to meet the growing remote needs, Ford predicts.

Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server. "This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.

"For over a decade, Brovko participated in a scheme to gain access to Americans' personal and financial information, causing more than $100 million in intended loss," said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department's Criminal Division, in a statement issued Monday. In October, a new variant of the InterPlanetary Storm botnet was discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices.

Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave. More than half of cybersecurity professionals in a recent survey - 57 percent - reported that the cybersecurity skills shortage is either "Bad" or "Very bad" at their companies.