Security News > 2020 > December

Sysnet Global Solutions announces that it has acquired Viking Cloud to further enhance its technology platform and accelerate its market expansion plans. Viking Cloud delivers asset, event and compliance management through its industry-leading next-generation cloud security platform.

The new funding will be used to support an expanding set of global customers across a diversity of industries - including electric, oil & gas, manufacturing, mining, chemicals, and transportation - and to accelerate the next stage of the company's worldwide operations to address the burgeoning market for ICS/OT cybersecurity solutions. "Our Series C funding is an investment by industry, for industry, and will enable us to fully meet this moment for our customers by advancing the innovative technology at the center of our Dragos Platform, expanding our global footprint, and continuing to recruit the world's most elite team of ICS/OT cybersecurity experts."

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft's most-dire "Critical" label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users. Some of the sub-critical "Important" flaws addressed this month also probably deserve prompt patching in enterprise environments, including a trio of updates tackling security issues with Microsoft Office.

Red Balloon Security announced the appointment of David Doggett as Senior Strategist for its growing industrial market. "David's senior role at Schneider Electric, and his extensive experience in industrial cybersecurity, make him a great addition to our company, as we work with major industries to drive cybersecurity innovation beyond the network and control room level, to the embedded devices and endpoints that actually run these critical operations," said Dr. Ang Cui, CEO of Red Balloon Security.

Code42 announced the appointment of Lisa Woodson to the role of chief people officer. As Code42's chief people officer, Woodson will lead all areas of HR, oversee the Code42 People Team and report to CEO Joe Payne.

Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets.

Cybersecurity powerhouse FireEye late Tuesday acknowledged that a "Highly sophisticated" threat actor broke into its corporate network and stole a range of automated hacking tools and scripts. "Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools," FireEye said in a blog post announcing the intrusion.

For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.

The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers' security. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination."

Tutanota has been served with a court order to backdoor its encrypted email service - a situation founder Matthias Pfau described to The Register as "Absurd." Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox.