Security News > 2020

Maersk is preparing to make 150 job cuts at its UK command-and-control centre in Maidenhead - the one that rebuilt the global shipping giant's IT infrastructure after the infamous 2017 NotPetya ransomware outbreak. Company insiders told The Register they were first made aware of the situation in January, when confused staff found job adverts online for their own roles, posted by Indian outsourcer UCS, which is understood to be taking over the running of an outsourced CCC for Maersk.

Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting vulnerabilities that could give attackers complete control of sites. Researchers at NinTechNet found a vulnerability in the WordPress Flexible Checkout Fields for WooCommerce plugin, which enhances the popular WordPress ecommerce system with the ability to configure custom checkout fields using a simple user interface.

In its 2020 Global Threat Report, CrowdStrike found that bad actors are disabling endpoint protection and compromising WordPress sites to steal data and credentials. CrowdStrike's eport includes a threat landscape overview, ransomware threat assessment, e-crime trends and activity, and an update on intrusions from Iran, North Korea, China, Russia and other countries.

Individuals are expected to use unique username and password combinations to access dozens of protected resources every day - their social media accounts, banking profile, government portals and business resources. Some enterprises choose to improve password security by increasing their policies and requiring the inclusion of a greater number and diversified types of characters in passwords.

In this podcast recorded at RSA Conference 2020, we're joined by the ThreatQuotient team talking about a threat-centric approach to security operations, the evolution of threat intelligence and the issues surrounding it. We are here today with the ThreatQuotient team to talk about all things security operations, the human element of cybersecurity, and the evolving landscape of threat intelligence.

More organizations are also taking additional steps to prepare beyond their data breach response plan. Integrating data breach response into business continuity plans.

Attacks on cell phones aren't new, and researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and - with the addition of some cheap hardware - the person initiating the attack can also hear the phone's response.

The common practice in recent years is to gain extra protection through implementing either EDREPP solutions or Network Traffic Analysis/NDR solutions. A recently published guide, 'Advanced Threat Protection Beyond the AV' is the first resource that not only guides security executives through the pros and cons of each solution type but also outlines a best-practice approach that allows the "Non-Fortune 500" companies to combine the advantages of both approaches - without actually buying both.

The Advanced Threat Protection Beyond the AV guide guides security executives through the pros and cons of each solution type, and also outlines a best-practice approach that allows companies to combine the advantages of both approaches - without actually buying both. The Advanced Threat Protection Beyond the AV guide dives deep to explain the differences between the endpoint and network-based approaches, specifying the pros and cons of each and leading to the conclusion that the best protection against cyberthreats entails combining the capabilities of both approaches.

Jetico, long-trusted pioneer in data encryption, announced support for Mac computers with a T2 security chip. With this update, BestCrypt Volume Encryption - Enterprise Edition becomes the industry's most comprehensive enterprise encryption software for Windows and macOS. "Native OS encryption tools might be an easy way to get started with data protection. Yet there's a critical limitation. Their security is bound to only some versions of a single operating system," states Jetico CEO, Michael Waksman.