Security News > 2020 > December

Google makes its money from being the world's middle man for online advertising. The more ambitious can install software like PiHole, which sits on your home network and does the same for all traffic, if you're comfortable with setting up servers and tinkering with DNS. The more technical you are, the more options you get - although why no mainstream home router makers have put ad and track filtering in their products is slightly mystifying.

Microsoft has partially addressed known issues impacting Windows 10 devices with certain Conexant or Synaptics audio devices after investigating ongoing errors since May 2020. The known issue impacting computers with Conexant audio drivers has been under investigation since May 2020 when Microsoft released Windows 10, version 2004.

Google users are currently experiencing issues around the world, with users unable to access Gmail, YouTube, Google Drive, Google Maps, Google Calendar, and other Google services. According to DownDetector and user reports, Google services are currently experiencing an outage in the U.S, Europe, and other parts of the world.

When speed is everything, developers are often reluctant to prioritize security - so how do you make DevSecOps stick with developers? Developers are the key to DevSecOps success and as a result, their approach to security must be consistent.

Let's break down these three scenarios and share how XDR is positioned to help. With the XDR market incorporating automation and orchestration, this reduces human effort, human errors, and can directly impact time to respond if the XDR console allows orchestrated, real-time response.

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M", as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities.

Some companies have argued that narrowing the scope of the CFAA would not be damaging to security programs if companies are already contracting security services, including crowdsourced programs like bug bounty. One company received pushback from the information security community when it accused MIT security researchers of acting in "Bad faith" by identifying vulnerabilities in its mobile app.

83% of the top U.S. retailers have connections to a vulnerable third-party asset, and 43% have vulnerabilities that pose an immediate cybersecurity risk, Cyberpion reveals. "This holiday season is a perfect storm for the retail industry given increased e-commerce activity due to COVID-19, and the heavy reliance of retailers on third party providers of tracking, behavior, analytics and advertising services," said Cyberpion CRO Ran Nahmias.

The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated supply chain attack. "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, which has released an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.

A WatchGuard report reveals how COVID-19 has impacted the security threat landscape, with evidence that attackers continue to target corporate networks despite the shift to remote work, and a rise in pandemic-related malicious domains and phishing campaigns. "As the impact of COVID-19 continues to unfold, our threat intelligence provides key insight into how attackers are adjusting their tactics," said Corey Nachreiner, CTO at WatchGuard.