Security News > 2020

CrowdStrike, a leader in cloud-delivered endpoint protection, announced at RSA Conference 2020 it is expanding the industry-leading visibility of the CrowdStrike Falcon platform, to protect workloads, across all environments, including workloads and containers running in the cloud and in private, public and hybrid data centers or on-premise. Falcon is extending the capabilities of its award-winning endpoint protection and endpoint detection and response to provide visibility specific to workloads hosted on Google Cloud Platform and Microsoft Azure and to provide EDR and run-time protection for containers.

Voice commands encoded in ultrasonic waves can, best case scenario, silently activate a phone's digital assistant, and order it to do stuff like read out text messages and make phone calls, we're told. In the video demo below, a handset placed on a table wakes up after the voice assistant is activated by inaudible ultrasonic waves.

Secureworks' new Cloud Configuration Review pairs its two decades of security operations and consulting experience with the innovative VMware Secure State, a public cloud security and compliance monitoring platform, to give customers an immediate head start against cloud security risks such as misconfiguration. Security recommendations: a consultative review of VMware Secure State findings to deliver a visual understanding of security risks, recommendations for remediation actions and guidance on how to prioritize security controls that have the most impact on cloud security posture.

FireMon announced at RSA Conference 2020 expanded capabilities for API integrations with ServiceNow, Cisco ACI and Swimlane to help customers improve network security visibility, control, and efficiency while maximizing the value of their investments in security and IT service management systems. The FireMon API provides security professionals unlimited flexibility to customize change management workflows, increase visibility across tools and infrastructures, and maximize resources and cost efficiencies.

Among app developers presented with a warning message from Google asking them to curb the number of permission requests in their apps, 60 percent of those removed permissions. Google uses an automated process to determine what type of app is being uploaded and gauges how many permissions are being requested relative to similar apps uploaded to Google Play.

According to Mary T. Barra, CEO of the automaker, GM has invested $100 million into cybersecurity per year, including the hire of nearly 500 men and women. In 2019, GM reached nearly 300,000 students and teachers across the United States, Barra noted, including with a Society of Automotive Engineers-led interactive cybersecurity challenge and curriculum for middle-school students.

At the RSA Conference in San Francisco, TechRepublic's Veronica Combs spoke with Darren Thomas, senior product manager at McAfee, about the company's Security Innovation Alliance and its partnership with OASIS. Darren Thomas: The whole goal of the alliance is to foster information exchange and to reduce the friction points when it comes to integrations between different products. We are in the process of developing some common tooling under the auspice of OASIS. It's an OASIS open project.

Attackers shouldn't have been able to remove sensitive data like Social Security numbers from military networks, according to cybersecurity experts. Joe Lareau, senior security engineer, Exabeam, said that as political tensions around the globe continue to rise, government agencies have to be vigilant and create modern security systems that can handle a variety of attacks.

A former Microsoft software engineer was convicted this week on 18 federal criminal charges tied to stealing more than $10 million through the company's online retail platform, according to the U.S. Department of Justice. Voldymyr Kvashuk, a Ukrainian resident who first worked as a contractor and then as a full-time engineer at Microsoft from 2016 to 2018, was found guilty on five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud and access to a protected computer in furtherance of fraud, according to the U.S. Attorney's Office for the Western District of Washington, which oversaw the case.

Cisco says it will release patches for wireless devices affected by the recently disclosed Wi-Fi chip vulnerability named Kr00k. Cybersecurity firm ESET revealed on Wednesday that over one billion Wi-Fi-capable devices were at one point affected by a vulnerability that can allow hackers to obtain potentially sensitive information from wireless communications.