Security News > 2020 > November

On US presidential election day, 3 November, the nation's Federal Bureau of Investigation acted to seize 27 domains it says Iran used to conduct disinformation campaigns. FBI Special Agent in Charge Craig D Fair said the domains were used by Iran's Islamic Revolutionary Guard Corps "In attempt to manipulate public opinion in other countries, including the United States."

They've been used for ages with great success and, as a result, make the concept of possession as a primary factor easy for users to understand: "Keep your keys safe, it grants you access." There was never a need to add an extra layer of authentication. After much experimenting with identification and endpoints, the iPhone can now act as a car key.

For many organizations, working with the current identity access management and identity governance and administration solutions is like driving a 20-year-old car: it gets you from A to B and may look fine from the outside, but when you consider its safety standards, its high fuel consumption, the costly breakdowns you've had recently and the increasing challenge of finding a mechanic who still knows how to fix it, you realize it's time for a new set of wheels. It's very difficult for organizations to maintain a highly customized code in their environments that the first generation of IGA products required.

Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21.

Driven by a strong curiosity to know how computers and computer programs are made, how they work, and how safe they are, Sheila A. Berta, Head of Security Research at Dreamlab Technologies, has been interested in cybersecurity since her early teens. "At the moment everything tends to migrate to containerized, serverless and/or cloud environments with a microservices focus, so DevOps and other IT professionals have been forced to learn how to implement and work with these infrastructures," she explained her more recent research interests.

Trend Micro has patched several vulnerabilities in its InterScan Messaging Security product, including flaws that could have a serious impact. InterScan Messaging Security is an email and collaboration security product designed to provide protection against spam, phishing and sophisticated attacks.

The global number of industrial IoT connections will increase from 17.7 billion in 2020 to 36.8 billion in 2025, representing an overall growth rate of 107%, Juniper Research found. The research identified smart manufacturing as a key growth sector of the industrial IoT market over the next five years, accounting for 22 billion connections by 2025.

Check out this series to understand the phisher’s perspective and better defend your organization from cyber threats. In this series of videos, BitDam’s cyber expert, Roy Rashti, will share some...

California voters have backed an initiative expanding a data privacy law criticized by rights watchdogs as having worrying "Loopholes" for firms such as Google and Facebook. The California Consumer Privacy Act become law at the start of this year, the toughest of its kind in the US. Like the European Data Protection Regulation, applied in the European Union since May 2018, the California law guarantees rights regarding control of online data.

Ermetic announced a platform that provides full stack visibility and control over multi-cloud infrastructure entitlements. To help security and cloud operations teams reduce their attack surface, Ermetic combines a holistic view of both network access and IAM policy entitlements to comprehensively assess risks.