Security News > 2020

From Chrome's mystery zero-day to why the EC has switched to Signal, get yourself up to date with everything we've written in the last week.

The percentage of companies admitting to suffering a mobile-related compromise has grown despite a higher percentage of organizations deciding not to sacrifice the security of mobile and IoT devices to meet business targets, Verizon has revealed in its third annual Mobile Security Index report, which is based on a survey of 876 professionals responsible for the buying, managing and security of mobile and IoT devices, as well as input from security and management companies such as Lookout, VMWare and Wandera. The report also shows that attackers hit businesses big and small, and operating in diverse industries, and that those that had sacrificed mobile security in the past year were 2x as likely to suffer a compromise.

According to Jim O'Gorman, Chief Content and Strategy officer at Offensive Security and leader of the Kali team, Kali users generally fall into two buckets: highly informed, experienced professionals/hobbyist and individuals that are new to Linux in general. "As a whole, I think it's fair to say that we build and design Kali for security professionals and hobbyists to utilize as a base platform for their work. These are individuals that could easily roll their own version of Linux for their needs, but if Kali is done right, it's a no-brainer to use it and save the work and effort that would go into building your own," he told Help Net Security.

Numerous vendors are building on these technical advancements to bring zero trust solutions to market. Adopting zero trust in IT: Five steps for building a zero trust environment.

Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study. The top 20 most popular container images on DockerHub were analyzed to discover that 50% of vulnerabilities were never loaded into memory and therefore did not pose a threat, regardless of Common Vulnerability Scoring System scores and despite vast resources in budget and manpower spent on patching or mitigation.

While enterprises rapidly transition to the public cloud, complexity is increasing, but visibility and team sizes are decreasing while security budgets remain flat to pose a significant obstacle to preventing data breaches, according to FireMon's 2020 State of Hybrid Cloud Security Report. "It is shocking to see the lack of automation being used across the cloud security landscape, especially in light of the escalating risk around misconfigurations as enterprises cut security resources. The new State of Hybrid Cloud Security Report shows that enterprises are most concerned about these challenges, and we know that adaptive and automated security tools would be a welcomed solution for their needs."

WAF is not a new technology and has been around for a while now, where many organizations have some form of WAF deployed. Static WAF rules in traditional WAF do not provide visibility to application vulnerabilities, nor do they provide complete protection when it comes to the everchanging threat landscape.

More than 36,000 attendees, 704 speakers and 658 exhibitors gathered at the Moscone Center last week to explore the Human Element in cybersecurity through hundreds of keynote presentations, track sessions, tutorials, seminars and special events. "Our mission is to connect cybersecurity professionals with diverse perspectives and backgrounds to inspire new ways of thinking and push the industry forward," said Linda Gray Martin, Senior Director and General Manager, RSA Conference.

Pivot3, a leading provider of intelligent infrastructure solutions, announced that it achieved Common Criteria Assurance Continuity certification for its Acuity 10.6 hyperconverged infrastructure software platform. Pivot3 is the only HCI vendor with Common Criteria certification of a native-NVMe solution with policy-based management to automate data protection, security and workload performance.

It enables Intune users to connect from managed mobile apps to data sources of their choice via a micro VPN. The growth in demand for, and usage of enterprise mobile applications is undeniable, with the enterprise mobile application development market expected to grow at a CAGR of 15.65% by 2025. Enterprises continue to struggle with secure access from the managed mobile apps to their sensitive data, stored on premises or in their private clouds, that increasingly power critical business outcomes and cost-effectively driving end-user adoption of mobile apps.