Security News > 2020 > November

New Zscaler threat research reveals the emerging techniques and impacted industries behind a 260-percent spike in attacks using encrypted channels to bypass legacy security controls. Researchers witnessed a 5x increase in ransomware attacks over encrypted traffic beginning in March, when the World Health Organization declared the virus a pandemic.

ZeroNorth announced the availability of its Defect Density Dashboard, a new capability within its SaaS-based application security automation and orchestration platform. A new variant of the widely used metric for measuring software quality, the ZeroNorth Defect Density Dashboard highlights the number of application security defects per thousand lines of code.

BotRx announced a new customizable Business Risk x-tension that bridges the gap between application security and business risk awareness. The BRx platform delivers deep data insight for mission-critical business variables and gives the ability to contextualize the impact of bot and manual attacks specific to business operations.

A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. Collectively called Cardbleed, the attacks targeted at least 2,806 online storefronts running Magento 1.x, which reached end-of-life as of June 30, 2020.

Kasada, provider of the only online traffic integrity solution that accurately detects and defends against bot attacks, announced the introduction of Kasada API, which protects an organization's web and mobile APIs from automated botnet attacks and targeted fraud. "By delivering Kasada API, we are providing our customers with a holistic line of defense that not only mitigates current attacks but also deters future ones."

A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom. Yesterday, the ransomware operators behind Ragnar Locker took it to the next level by hacking into a Facebook advertiser's account and creating advertisements promoting their attack on Campari Group.

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. Outside of the zero-day, the update fixes a number of remote code execution vulnerabilities impacting Exchange Server, Network File System, and Microsoft Teams, as well as a security bypass flaw in Windows Hyper-V virtualization software.

The end of the year is coming, and it's time for security decision-makers to make plans for 2021 and get management approval. The Definitive 2021 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an off-the-shelf tool to clearly and easily present their plans and insights to management.

Palo Alto Networks introduced Enterprise Data Loss Prevention, a cloud-delivered service that brings a fresh, simple and modern approach to data protection, privacy and compliance. "Data breaches are a huge and growing problem worldwide, but the existing legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them," said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks.

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.