Security News > 2020 > December

The United States and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command and the Information Warfare Division of the Australian Defense Force to jointly develop and share a virtual cyber training platform. The two countries' departments of defense will achieve this by incorporating IWD's feedback into USCYBERCOM's simulated training domain known as the Persistent Cyber Training Environment.

China poses the greatest threat to America and the rest of the free world since World War II, outgoing National Intelligence Director John Ratcliffe said Thursday as the Trump administration ramps up anti-Chinese rhetoric to pressure President-elect Joe Biden to be tough on Beijing. "It offered nothing new but repeated the lies and rumors aimed at smearing China and playing up the China threat by any means," Hua said at a daily briefing on Friday.

Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware, who stole unencrypted files during the attack. Randstad is the world's largest staffing agency with offices in 38 markets and the owner of the well-known employment website Monster.com.

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.

You'll be pleased to know that SANS Institute has two events coming in the New Year that will enable you to skill up with some of their finest tutors, virtually of course, and all on European time. If you want to take things at a more leisurely pace, or just want to fit your training around work and family, check out DFIR Multi-Week 2021, which runs from February 1 to February 12, again, all online.

We need to keep in mind that periodic updates are being released for all the applications we use and many of those updates include critical security fixes for vulnerabilities that are being exploited. Very few of us are in a position to instantly update all the systems in our organizations, so we need to prioritize what needs to be updated first, and that should be driven by risk.

Intel unveiled ControlFlag - a machine programming research system that can autonomously detect errors in code. "We think ControlFlag is a powerful new tool that could dramatically reduce the time and money required to evaluate and debug code. According to studies, software developers spend approximately 50% of the time debugging. With ControlFlag, and systems like it, I imagine a world where programmers spend notably less time debugging and more time on what I believe human programmers do best - expressing creative, new ideas to machines," said Justin Gottschlich, principal scientist and director/founder of Machine Programming Research at Intel Labs.

For performance, the SASE report lists capabilities like SD-WAN and CDNs. When thinking about your SASE strategy you should think about where you have your interface with employees / users and where your security controls are integrated. With CDN you would want to focus on factors like location/number of POPs and peering relationships, ability to scale, international presence, and capabilities based on your business needs like image management, caching at edge and route optimization/acceleration.

"Just because more of our lives are now online doesn't mean the digital world has become safer-everyone needs to remember proper password hygiene and implement cybersecurity-related best practices," said Dashlane's Head of IT, Jay-Leaf Clark. Repeat 2017 Worst Password Offender and world's largest credit bureau Experian suffered a major breach of its South African branch after handing over personal information to a client impersonator.

There's a 1% decrease in suspected online retail fraud worldwide during the start of the 2020 holiday shopping season compared to the same period in 2019, a 59% increase from the same period in 2018 and a 14% increase from all of 2020 so far, TransUnion research reveals. The concern is relatively uniform across generations, though Gen X are the most worried about being victimized at 53%. Heading into the holiday shopping season, the study conducted from Oct. 28 to Nov. 5, 2020 found 37% of 9,515 consumers surveyed globally said they had been targeted by digital fraud related to COVID-19, a 28% increase from the same survey the week of April 13, 2020.