Security News > 2020

RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.

For some projects, such as access management, privacy and security teams might align. Such as the use of biometrics, may be championed by security teams while generating caution from privacy groups, in light of emerging regulations, he says.

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

The Iranian cyber-espionage group referred to as MuddyWater continues to focus on long-running operations even after a U.S. airstrike killed General Qassem Soleimani on January 2. Cyber-retaliation continues to be a probability, and even industrial systems might be at risk, but for now Iranian threat groups appear to focus on their long-running cyber-espionage activity instead, Secureworks' security researchers say.

Reducing security complexity remains one of the toughest challenges facing CISOs, driven by the non-stop increase in threats, says Jeff Reed of Cisco. While many organizations are reducing the number of tools they use, creating a sustainable solution to the complexity problem also requires vendors to ensure their tools are increasingly interoperable and facilitate improved visibility as well as automation, he says.

Researchers have attributed the campaign to a known Iranian advanced persistence threat group. As part of the campaign, researchers observed multiple emails using malicious attachments to gain initial access.

SAN FRANCISCO - Researchers have discovered several high-severity vulnerabilities in a connected vacuum cleaner. The security holes could give remote attackers the capability to launch an array of attacks - from a denial of service attack that renders the vacuum unusable, to viewing private home footage through the vacuum's embedded camera.

CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a vector for ransomware groups in coming months, warns cybersecurity researcher Kevin Beaumont. Organizations running on-premise Exchange - any supported version up until the recent patch - would do well to patch as soon as possible, as scanning for vulnerable internet-facing servers has already begun.

RSA CONFERENCE 2020 - San Francisco - Intel announced four new security capabilities and provided further information on its previously-announced Compute Lifecycle Assurance supply chain transparency initiative today at RSA Conference 2020 in San Francisco. Intel hardware is the bedrock of much of the world's computing capability.