Security News > 2020 > December

Roid apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.

The Qualys Cloud Platform provides a convenient SaaS solution for enterprises looking to protect their public cloud workloads and boost their security posture. DevOps teams can leverage the same trusted Qualys security solutions for cloud security in their DevOps pipeline and address developers' needs.

A study of face recognition technology created after the onset of the COVID-19 pandemic shows that some software developers have made demonstrable progress at recognizing masked faces. A previous report from July explored the effect of masked faces on algorithms submitted before March 2020, indicating that software available before the pandemic often had more trouble with masked faces.

"Cloud-native is no longer just a bold new idea for most organizations, it's a reality. Enterprises have increasingly adopted cloud-native apps over the past couple years to achieve faster development cycles, greater scalability and less vendor lock-in. But their DevOps and NetOps teams are facing some serious security and networking hurdles they just didn't anticipate," said Mark Weiner, CMO, Volterra. While over half of organizations are using Kubernetes in some capacity, security and networking challenges are preventing them from using Kubernetes widely across business apps, with only 10% of organizations running half or more of their business apps on it.

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence and Eclypsium, makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to inject malicious code in the UEFI/BIOS firmware of a device, granting the attackers an effective mechanism of persistent malware storage.

The global network slicing market size is projected to grow from $161 million in 2020 to $1,284 million by 2025, at a Compound Annual Growth Rate of 51.5% during the forecast period, according to MarketsandMarkets. The network slicing market is gaining traction due to the evolution of cellular network technology, which has offered higher data speeds and lower latency.

Bitdefender launched a new cloud-based dedicated Endpoint Detection and Response solution designed to help enterprise customers and Managed Service Providers improve the ability to detect and eradicate threats as they occur and strengthen overall resiliency against cyberattacks. Unique in the EDR space, it combines endpoint telemetry and human risk analytics with the advanced threat detection capabilities that have made Bitdefender a recognized endpoint security leader.

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

CloudBees formally releases the first two modules of its Software Delivery Management solution: CloudBees Engineering Efficiency and CloudBees Feature Management. Software Delivery Management enables organizations to deliver higher quality software and better measure business outcomes from software development investments.

Amazon EBS Gp3 volumes: Next-generation general purpose SSD volumes for Amazon EBS give customers the flexibility to provision additional IOPS and throughput without needing to add additional storage, while also offering higher baseline performance of 3,000 IOPS and 125 MB/second of throughput with the ability to provision up to 16,000 IOPS and 1,000 MB/second peak throughput at a 20% lower price per GB of storage than existing Gp2 volumes. With Gp2 volumes, performance scales up with storage capacity, so customers can get higher IOPS and throughput for their applications by provisioning a larger storage volume size.