Security News > 2020

Infoblox announces enterprise best practices for DoT/DoH
2020-02-25 15:00

Infoblox, the leader in Secure Cloud-Managed Network Services, announced Enterprise best practices on DNS over TLS and DNS over HTTPS. These DoT/DoH guidelines are based on Infoblox's longtime commitment to providing customers with DDI services that enable them to easily and effectively secure their own DNS communications. "Developments like DoT and DoH are valuable efforts to address this problem, but when they are used to bypass a company's internal DNS infrastructure or evade their security controls, a host of new challenges emerge for IT managers."

McAfee will acquire Light Point Security to help combat browser-based malware
2020-02-25 15:00

Security provider McAfee is looking to a new acquisition as a way to better combat browser-based malware. On Tuesday, the company announced its intention to purchase Light Point Security, which makes a browser isolation product.

Sen. Schumer Pushes for TSA Employee Ban on TikTok App at Work
2020-02-25 14:52

The Transportation Safety Authority has become the latest federal agency to ban the use of TikTok among its employees based on national-security fears over how ByteDance, the Beijing-based company that owns the app, uses the data collected by it. Some TSA employees have used the app to create and post videos that explain the agency's boarding processes and rules, a move that raised security concerns and inspired Sen. Chuck Schumer to send TSA administrator David Pekoske a letter to stop its use, according to a report from CBS News.

KPMG on Key Cybersecurity Considerations for 2020
2020-02-25 14:50

The essential considerations discussed in the latest report are: automating essential tasks; improving the consumer authentication experience; preparing for new cloud threats; improving the business acumen of the security team; aligning business and security; and preparing for more regulation. "KPMG believes," Steve Barlock, principal at KPMG LLP and lead for cloud and AI, told SecurityWeek, "We are at an inflection point with cloud and cloud take-up. The evidence we're seeing in the market with our customers is that they are generally moving into the cloud at scale, and moving some of their more sensitive applications and workloads into the cloud."

Next Cloud Security Challenge: Containers and Kubernetes
2020-02-25 14:03

The increasing use of containers and orchestration tools, such as Kubernetes, is driving demand for new cloud security and application deployment processes, according to research from the Cloud Security Alliance presented Monday at the RSA 2020 conference in San Francisco. "As we have seen with the use of containers and micro-services and compliance, when you further segment things off, there's a functionality benefit from that," Yeoh tells Information Security Media Group.

Free Download: The Ultimate Security Pros’ Checklist
2020-02-25 14:00

It's a lot to hold in one's mind, so to make your life easier, The Ultimate Security Pros' Checklist, created by Cynet, provides you with a concise and actionable checklist enabling you to keep track of all your operational, management and reporting tasks. You can think of the checklist templates as an aggregated crowdsourcing from the numerous CISOs, security directors, architects and SOC managers we have worked with across the years.

HackerOne Surpasses $82 Million in Paid Bounties
2020-02-25 14:00

With $40 million in bug bounties paid in 2019, hacker-powered bug bounty platform HackerOne nearly doubled the amount paid out in all previous years combined, reaching $82 million. HackerOne also announced that a total of seven hackers surpassed $1 million in lifetime earnings, with thirteen more hitting $500,000 in lifetime earnings and 146 hackers earning $100,000.

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments
2020-02-25 13:36

Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory. One way to move on is via a FIDO2 security key; the FIDO alliance has already signed up the likes of Google and Mozilla for browser authentication and back in October 2019 Microsoft unveiled a preview of FIDO2 security support in Azure Active Directory.

The “Cloud Snooper” malware that sneaks into your Linux servers
2020-02-25 13:35

TCP source ports only need to be unique for each outbound connection, so most programmers simply let the operating system choose a port number for them, known in the jargon as an ephemeral port. Most of the time it won't, because the crooks use source port numbers below 10000, while conventional software and most modern operating systems stick to source port numbers of 32768 and above.

Mobile Networks Vulnerable to IMP4GT Impersonation Attacks
2020-02-25 12:59

A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users. In the IMP4GT attack, the researchers explain in a whitepaper, the impersonation can be conducted in either the uplink direction or the downlink direction.