Security News > 2020 > November

Inventor of the world wide web, Tim Berners-Lee, is having another crack at fixing the internet's biggest problems with the launch of a new enterprise server. The Inrupt Enterprise Solid Server is the first product from a company the inventor started two years ago in response to the problem of personal data online, where tech giants like Facebook and Google build vast databases on user's profiles and sell them to advertisers to make massive profits.

Threat Stack announced ThreatML, its new machine learning engine that enhances security observability for the Threat Stack Cloud Security Platform, Threat Stack Oversight, and Threat Stack Insight with anomaly detection. The Threat Stack Cloud Security Platform collects, normalizes, and analyzes over 60 billion events per day from customer cloud infrastructure and applications.

Being a CTO is about more than just choosing technology solutions or making sure people can work from home successfully. The CTO role is changing to encompass supply chain resiliency, communications solutions and support for sales teams, preventing technological surprise and meeting broader business unit needs.

Specops Password Auditor, a free tool, provides an automated tool to proactively scan and find weak, reused, and breached passwords in use in your Active Directory environment. Specops Password Auditor shows the location, last logon, and associated password policy of the particular user account.

As organisations cannot always control the security measures of their supply chain partners, IoT supply chains have become a weak link for cybersecurity. "Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services. Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT," said Juhan Lepassaar, Executive Director, ENISA. In the context of the development of the guidelines, ENISA has conducted a survey that identifies the existence of untrusted third-party components and vendors, and the vulnerability management of third-party components as the two main threats to the IoT supply chain.

Researchers found several potentially serious vulnerabilities in the PcVue SCADA/HMI solution developed by France-based ARC Informatique, including flaws that can allow an attacker to take control of industrial processes or cause disruption. The PcVue product was analyzed by researchers from Kaspersky, who identified a total of three vulnerabilities.

The majority of UK businesses using Oracle E-Business Suite are running on old versions of the business critical ERP system, according to a Claremont study. With Oracle cutting off premier support to EBS 12.1 in December 2021, this leaves these businesses facing potential legislative and security issues if they fail to upgrade prior to the deadline.

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. 5.8 million RedDoorz user records sold online.

A former Microsoft worker was sentenced Monday to nine years in prison for a scheme to steal $10 million in digital currency - money authorities said he used to buy a $160,000 car and a lakefront home. Volodymyr Kvashuk, a 26-year-old Ukrainian citizen living in Renton, Washngton, was responsible for helping test Microsoft's online retail sales platform.

CoSoSys announces a main upgrade for Endpoint Protector, a multi-OS Data Loss Prevention solution for Windows, macOS, and Linux computers. The newest version, Endpoint Protector 5.2.0.9, brings essential functionalities that will help enterprises in industries such as financial services, healthcare, insurance, and law to protect data efficiently in the age of work-from-home.