Security News > 2020 > December

As many companies continue to grapple with a remote workforce, overall employee security measures become more critical, especially as many are relying on personal devices and networks for work. The online survey, conducted by The Harris Poll on behalf of Dashlane among over 1,200 employed U.S. Americans, sheds light on how employees view and manage company security, and reveals they aren't necessarily taking the security of their work accounts as seriously as they should.

Managing and securing AD and AAD with a dynamic zero trust approach is critical to success, and can help businesses improve their overall security posture to address the reality, as evidenced in other studies, that show 80 percent of breaches involve compromised or weak administrative credentials. "With 95 percent of global Fortune 1000 companies relying on Active Directory to manage their users' access, and the swift move toward Azure and cloud adoption, it becomes a natural starting point for businesses looking to implement a zero trust security model," said Bhagwat Swaroop, president and general manager, One Identity.

The second most common reason survey respondents said they use an MSP is for increased security. "Based on the results, we recommend that MSPs continue to lead with solutions focused on security, data storage, and data analytics. Our most successful MSP partners are enabling their businesses to be more secure and to always access and analyze their data. The lifeblood of any business is its data, so it makes sense that securing it, backing it up, and analyzing it is most important to businesses."

Vulnerabilities in the protocols used by standalone 5G network implementations could expose users to information theft, impersonation, and other types of attacks, Positive Technologies warned on Wednesday. Current 5G networks are non-standalone implementations that are based on the existing 4G LTE infrastructure, but wireless carriers are expected to invest heavily into transitioning to standalone implementations in the next few years.

Rice University researchers have discovered a more efficient way for social media companies to keep misinformation from spreading online using probabilistic filters trained with artificial intelligence. The new approach to scanning social media is outlined in a study presented by Rice computer scientist Anshumali Shrivastava and statistics graduate student Zhenwei Dai.

CodeZero has launched the ZERO BrandCard, a digital identity card of the future, backed by LISNR to enable a secure and contactless digital identity exchange. Looking for a market solution to help combat digital identity spoofing & enable contactless authentication, CodeZero recognized LISNR's ultrasonic technology as the safest and most seamless data transfer and authentication medium.

Okera announced the next evolution of the Okera Dynamic Access Platform and the introduction of the industry's first "Co-located" deployment mode for the Okera Adaptive Security Plane. A leading Fortune 100 apparel company using Okera's nScale on Amazon EMR is able to provision tens of thousands of EMR nodes daily with data security at no infrastructure or performance cost.

"This security setting determines the period of time that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days." "Specops Password Policy provides many additional features when compared to the default Active Directory Password Policy settings, including password expiration. One of the options contained in the Specops Password Policy is called"Length based password aging.

NETSCOUT announced the extension of its Smart Perimeter Protection to AWS. The combination of NETSCOUT's Cyber Investigator and CyberStream software with new AWS packet access services helps contain costs and achieve better efficiencies in mitigating novel security threats as enterprises move applications to the cloud. As the threat surface expands, the solution uses packet data and powerful cyber analytics to get to the root cause of cybersecurity issues quickly.

A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process. "The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said.