Security News > 2020

Jazz Networks, an award-winning insider threat security company, announced Joel Brunson has joined as CEO of Federal business. Brunson brings world-class leadership in business growth and proven expertise in the federal government sector.

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. Senator Josh Hawley, who convened the hearing, said he was introducing a bill to ban TikTok from all US government devices, calling it "a major security risk for the American people."

Behavioral biometrics can play an important role in thwarting ever more sophisticated payment fraud schemes, says Robert Capps of Mastercard, who provides a fraud-fighting update. In a video interview with Information Security Media Group at RSA 2020.

Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could be exploited remotely. Tracked as CVE-2020-3127 and CVE-2020-3128 and rated high severity, the issues reside in the insufficient validation of elements within a Webex recording stored as ARF or WRF. To exploit the bugs, an attacker needs to send a malicious ARF or WRF file and trick the victim into opening the file the local system, which could result in arbitrary code being executed with the privileges of the targeted user.

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool. Considering how prevalent the open source WordPress blogging platform installations are, chances are good that you have a deployment or two to manage.

In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit. Security concerns that come with 5G and national rollouts;.

As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants. Tackling today's top compliance and regulatory issues;.

Three U.S. senators are demanding more answers from Catholic health system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission. In a letter sent Monday to St. Louis-based Ascension, Sen. Bill Cassidy, M.D., R-La., and Democratic senators Elizabeth Warren of Massachusetts and Richard Blumenthal of Connecticut are demanding additional answers, including a complete list of patient-level information that Google received from Ascension and the exact number of health records that the company collected in Project Nightingale.

A FDA spokeswoman tells Information Security Media Group that the agency does not yet have an estimate on how many medical devices and other health-related products in use in the U.S. or worldwide could be impacted. "As with any medical technology, threats that can affect proper operation, availability or in any way threatens patient safety is of concern," says Bill Aerts, executive director of the Archimedes Center for Medical Device Security at the University of Michigan.

Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "Bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration. Friedman is the director of cybersecurity initiatives at NTIA, which part of the U.S. Department of Commerce, where he coordinates NTIA's multistakeholder processes, bringing together industry and the security community on issues such as vulnerability disclosure and IoT security.