Security News > 2020

Is Conditional Access the Right Approach to Authentication? It Depends.
2020-02-26 10:36

So how do you know what's going to make authentication more secure and efficient for your organization while also shifting the burden off users? Risk-based authentication is increasingly the answer - but it's more nuanced than that. At its most basic, a risk-based approach may mean simply adopting static risk-based policies that support conditional access.

Google fixes another Chrome zero-day exploited in the wild
2020-02-26 10:15

For the third time in a year, Google has fixed a Chrome zero-day that is being actively exploited by attackers in the wild. No details have been shared about the attacks and about the flaw itself, apart from the short description that says it's a type confusion flaw in V8, the JavaScript engine used by the Chrome browser.

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
2020-02-26 10:15

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress, apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. First, Learn What Kr00k Attack Doesn't Allow: Before proceeding to details of the new Kr00k attack, it's important to note that: The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption.

UK Financial Regulator Admits to Data Breach
2020-02-26 09:38

Britain's Financial Conduct Authority on Tuesday admitted to a data breach, in an embarrassing revelation for the regulator and its boss, who shortly takes over at the Bank of England. The FCA said it had mistakenly published the details of around 1,600 consumers who had complained about the regulator, which is tasked with overseeing the conduct of Britain's key financial sector, including any data breaches by banks for example.

Almost three-quarters of all phishing sites now use SSL protection
2020-02-26 06:32

The total number of phishing sites detected by the Anti-Phishing Working Group worldwide in October through December 2019 was 162,155, following the all-time-high of 266,387 attacks recorded in July through September 2019. APWG contributor OpSec Security saw attacks against more than 325 different brands per month in Q4. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at OpSec Security, noted that the most frequent targets of phishing attacks continued to be Webmail, payment, and bank sites, but that "Phishing against Social Media targets grew every quarter of the year, doubling over the course of 2019."

Mixed-signal circuits can stop side-channel attacks against IoT devices
2020-02-26 05:00

Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Recent attacks have shown that such side-channel attacks can happen in just a few minutes from a short distance away.

Combat complexity to prevent cybersecurity fatigue
2020-02-26 04:45

While vendor consolidation is steadily increasing with 86 percent of organizations using between 1 and 20 cybersecurity vendors, more than 20 percent feel that managing a multi-vendor environment is very challenging, which has increased by 8 percent since 2017, according to Cisco's CISO Benchmark Report, for which they surveyed 2,800 security professionals from 13 countries around the globe. To combat cybersecurity complexity, security professionals are increasing investments in automation to simplify and speed up response times in their security ecosystems; using cloud security to improve visibility into their networks; and sustaining collaboration between networking, endpoint and security teams.

Google Advises Android Developers to Encrypt App Data On Device
2020-02-26 04:34

Google today published a blog post recommending that mobile app developers encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, and OAuth tokens.

Healthcare industry at greatest risk of data breach
2020-02-26 04:30

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. The healthcare industry showed significantly more exposed databases and more exposed remote login services.

BlackBerry launches new UES platform for zero trust
2020-02-26 04:15

BlackBerry announced at RSA Conference 2020 the BlackBerry Spark platform with a new unified endpoint security layer which can work with BlackBerry UEM and other unified endpoint management solutions to deliver BlackBerry's One Agent, One Console, One Crowd, One Cloud approach to achieve zero trust security. One Agent: Comprehensive endpoint support using a single agent, for desktop, mobile, and IoT. One Console: Visibility across the enterprise to deliver security and Zero Trust with a zero touch end-user experience across endpoints, users, data, and networks managed through a single console.