Why The Cloud Is The New Network
2020-02-27 14:18

Barracuda Networks has released the findings of its latest survey on public cloud security. Fleming Shi, chief technology officer of the company, describes what is holding organizations back from fully embracing the public cloud.

Less Than Half of Vulnerabilities in Popular Docker Images Pose Risk: Study
2020-02-27 14:06

Cloud security company Rezilion has analyzed some of the most popular Docker container images and determined that while they include many vulnerabilities, less than half of these flaws pose an actual risk. Rezilion's researchers have analyzed 20 of the most popular container images hosted on DockerHub, the largest library and community for container images.

Framework Isolates Libraries in Firefox to Improve Security
2020-02-27 13:35

A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser. Similar to other major browsers, Firefox relies on third-party libraries to render content - such as audio, video, and images - and these libraries often introduce additional vulnerabilities, researchers from the University of California San Diego, University of Texas at Austin, Stanford University and Mozilla say.

S2 Ep28: Stalkerware, when cybercrooks return, and phishing gone wild – Naked Security Podcast
2020-02-27 13:19

This week we discuss the stalkerware app that spilled bucketloads of ultrapersonal data, a double-whammy ransomware attack on a homeless charity, and an Amazon Prime-themed phishing attack with a skull-and-crossbones twist.

Online 'Impersonator' Tried to Contact Campaigns, DNC Says
2020-02-27 12:54

The Democratic National Committee has warned its presidential candidates to be cautious after Bernie Sanders' campaign reported that an "impersonator" with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns. Bob Lord, the DNC's chief security officer, wrote in an email to his party's presidential campaigns on Wednesday that "adversaries will often try to impersonate real people on a campaign" to get people to "download suspicious files, or click on a link to a phishing site." Lord said attackers may also try to set up a call or in-person meeting that they can record and publish.

Hacker Earns $8,500 for Vulnerability in HackerOne Platform
2020-02-27 12:15

Earlier this month, a hacker who uses the online moniker msdian7 discovered that a new feature introduced by the HackerOne bug bounty platform had resulted in a vulnerability that could have been exploited to obtain any HackerOne user's email address. The vulnerability could have been exploited for malicious purposes through HackerOne's demo programs.

The Urgency for Having a True Security Platform
2020-02-27 12:06

A true security platform should be able to deliver essential security solutions into a complex network environment while reducing things like management, configuration, and orchestration overhead. But to differentiate between a real platform strategy that can simplify the lives of your IT team members, and a set of solutions that simply shift the complexity of managing independent security tools from the wiring closet to a box, we need to define exactly what we mean when we use the term platform. To qualify as broad, a cybersecurity platform needs to provide effective and consistent security across the entire distributed network - including multi-clouds, branch offices, edge networks, mobile devices, and data centers - to enable digital innovation and protect every edge in the infrastructure.

Securing the Internet of Things through Class-Action Lawsuits
2020-02-27 12:03

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that market realities will produce insecure IoT devices, and political failures will leave that industry unregulated.

Sophos was gearing up for a private life – then someone remembered the bike scheme
2020-02-27 11:57

There's been a bump in the road, a stick in the wheel, because Sophos was a member of the UK government's "Cycle to work" scheme - which offers staff loans to pay for bicycles and related stuff like lights, helmets and panniers. The trouble is that the bike scheme is regulated by the Financial Conduct Authority.

Spotting a Norman: How to Root Out Those Wasting Organizational Resources
2020-02-27 11:54

How many times have you met someone full of promises and big on talk, only to be disappointed by what results from your engagement with them? Normans not only let organizations down, they adversely affect the information security postures of those organizations by taking valuable time and resources away from other value-added activities. If you know someone who has these traits, they might be a Norman.