Security News > 2020

UK company uses cell phone chips to create super secure browsing
2020-03-04 17:14

Garrison is using ARM processor chips to create a hardware defense against data breaches and malware. Instead of relying on endpoint protection or user training to improve security, the UK-based security company Garrison wants to use hardware to prevent malware infections and data breaches.

How to install and use the open source OTPClient 2FA tool on Linux
2020-03-04 16:48

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient.

D.C. Council Passes Data Security Legislation
2020-03-04 16:34

The Council of the District of Columbia on Tuesday unanimously passed a bill whose goal is to expand data breach notification requirements and improve the way organizations protect personal information. Introduced in March 2019 by the Office of the Attorney General for the District of Columbia, the Security Breach Protection Amendment Act of 2019 expands the types of information for which companies are held accountable.

If Tesco was prodded and probed by hackers, your data could be being flogged for just £2.70 – research
2020-03-04 16:30

Data stolen from Tesco clubcards could be resold for just £2.70 a pop, reckons a price-comparison website that appears to have strayed into the dark web. "Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts. At no point was any customer's financial data accessed," Tesco said.

Loyalty Cards Targeted in Tesco Clubcard Attack
2020-03-04 16:16

U.K. supermarket giant Tesco is warning of a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program. "We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers," a Tesco spokesperson told the BBC. "Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts."

A Zero-Day Homograph Domain Name Attack
2020-03-04 15:57

The vulnerability is the ability to register almost exact lookalike domain names. Simple attacks would attempt to register a domain using similar Latin characters - for example G00GLE.COM to look like GOOGLE.COM. The first example uses zeros rather than the correct letter Os; and a successfully registered lookalike domain would likely be used as a malicious phishing site.

Why 3 million Let’s Encrypt certificates are being killed off today
2020-03-04 15:33

In the past, there were two main reasons: TLS certificates were complicated and time-consuming to acquire and use; and they cost money that sites such as charities, hobbyists and small businesses resented having to pay, especially given that certificates need renewing regularly. Let's Encrypt certificates are valid for 90 days, and autorenew for most users when there are 30 days or fewer left on their current certificates.

S2 Ep29: Facial recognition, malware madness and smart speakers – Naked Security Podcast
2020-03-04 15:08

This week we discuss the latest in the Clearview AI debacle, get more tales from the ransomware swamp and discover how often our smart speakers are listening to us. Host Anna Brading is joined by Sophos experts Paul Ducklin and Peter Mackenzie, and me!

4 essential things security experts do to protect their own data
2020-03-04 15:02

Learn from the experts what it takes to keep hackers away from your personal data. White Ops CEO Tamer Hassan uses the most extreme approach to protecting his personal data.

Scouting the Adversary: Network Sensor Placement Considerations
2020-03-04 14:56

So how can security organizations improve their visibility? One of the most impactful changes they could make is to re-evaluate their network sensor placement. Sensors report network alerts and metadata to your on-premises Network Enterprise appliances or to the remote Network Cloud.