Security News > 2020 > December

Entrust announced that Entrust Certificate Manager is now available in the ServiceNow Store. With the Entrust Certificate Manager App for ServiceNow, users are able to manage their assets, configuration and digital identities in one place.

CloudPassage announced the addition of Google Cloud Platform support for Halo Cloud Secure, the cloud security posture management service of the Halo cloud security platform. With this release, Halo Cloud Secure automatically discovers and inventories cloud assets and resources hosted on GCP, determines their security posture, alerts users to misconfigurations and exposures, and provides best-practice remediation advice.

Cyberbit announced a new partnership with Optiv to bring simulation-based SOC Team training to Optiv clients throughout North America. Through this strategic partnership, Optiv will offer the Cyberbit platform to train cybersecurity teams from "Zero to hero," developing skills in cyber labs before responding to real-world cyberattacks, simulated in a virtual SOC within the cyber range.

Datadog announced a new integration for Datadog Compliance Monitoring with the Amazon Web Services Well-Architected Tool. The AWS Well-Architected Tool enables customers to review the state of their workloads and compare them to the latest AWS architecture best practices.

With security teams limited in resources, especially as state and public schools and universities are facing shortages caused by the coronavirus, educational institutions and others must find a way to increase their security posture to reduce threats like ransomware from taking hold. To ensure that the network is secured and to audit how malware is able to move through it, schools and businesses need to deploy network traffic analytics capable of using machine learning to quickly identify where there are security vulnerabilities and spot breaches.

The Energy Department and its National Nuclear Security Administration, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico cited DoE official sources who said that their department was infiltrated by the cyberattackers, including hits on the NNSA; the Federal Energy Regulatory Commission which has oversight for the entire department; the Sandia and Los Alamos national laboratories in Washington and New Mexico; and the Richland Field Office of the DoE. The DoE confirmed its compromise on Friday.

A patch for the popular WordPress plugin called Contact Form 7 was released Thursday. The patch comes in the form of a 5.3.2 version update to the Contact Form 7 plugin.

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others." Characterizing the hack as "a moment of reckoning," Microsoft president Brad Smith said it has notified over 40 customers located in Belgium, Canada, Israel, Mexico, Spain, the UAE, the UK, and the US that were singled out by the attackers.

Renewable electricity and gas supplier People's Energy has told its 250,000-plus customers that a "Gap" in the security of its IT system was exploited by digital burglars. The British company's co-founders Karin Sode and David Pike wrote to customers on Thursday morning to confirm that "Yesterday People's Energy was affected by a cyber security data breach."

End users just want to do their job, not become cybersecurity experts. To eliminate the glut of information, Finney, in the Forbes article Tactical Literacy: How We Can Overcome Ignorance In Cybersecurity, suggests we embrace "Tactical literacy." As to what that means, let's start by defining tactical and literacy with regards to cybersecurity.