Security News > 2020

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers.

Phishing attacks have become one of the business world's top cybersecurity concerns. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals.

Sumo Logic, the leader in continuous intelligence, announced the availability of its new Cloud SIEM Enterprise offering, which includes a rich set of capabilities to ease the burden on security operations center personnel. The new capabilities help identify and prioritize high fidelity threats and automate the analyst workflow, allowing SOC personnel to better manage real security events and effectively enforce security and compliance policies.

FireEye, the intelligence-led security company, announced new cloud security innovations at RSA Conference 2020, including expanded capabilities within the FireEye Helix platform, as well as FireEye Messaging Security - a new offering that protects collaboration tools such as Microsoft Teams and Slack. Expanded analytics capabilities are available to FireEye Helix customers at no additional cost.

As a leader in WAF and API security technology, F5 delivers application security with consistent policies and controls across hybrid- and multi-cloud environments. "Our security strategy is rooted in what customers are trying to accomplish-optimum app performance with maximized uptime, lower overall costs, and reduced losses due to fraud or abuse," said John Morgan, VP and GM of Security at F5. "Security remains a key area where we see conflict between increasing business velocity and implementing adequate protections. F5's application security solutions free developers to focus on the application business logic and customer experience while also providing world-class threat protection with policy and control consistency across on-prem and cloud environments."

Anitian, a leading cloud security and compliance automation provider, announced Documentation Automation, an enhancement to its Cloud Security Platform that automates documentation for the most stringent compliance standards. "The automation of security and compliance documentation represents a final frontier in automating a company's journey to the cloud," said Andrew Plato, Anitian Chairman and CEO. "What used to take 12 to 18 months and teams of people to complete can now be done in days, even hours, with Anitian's Vision Portal."

Eight new partnerships and seven new certified integrations to McAfee Security Innovation Alliance and McAfee CASB Connect Program give organizations a competitive advantage to secure people, devices and data in the cloud. As an extension of McAfee SIA, the McAfee CASB Connect Program is the industry's first self-serve framework that enables any cloud service provider or partner to rapidly onboard any SaaS application onto McAfee MVISION Cloud.

The Pentagon is adopting new ethical principles as it prepares to accelerate its use of artificial intelligence technology on the battlefield. The new principles call for people to "Exercise appropriate levels of judgment and care" when deploying and using AI systems, such as those that scan aerial imagery to look for targets.

A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed. The lawsuit alleges UW Medicine, a Seattle-based academic medical system that includes several hospitals and a large physician practice, failed to properly protect PHI when it misconfigured a database, leaving nearly 974,000 patients' information exposed to the internet for several weeks.

Any cut-and-paste data temporarily stored to an iPhone or iPad's memory can be accessed by all apps installed on the specific device - even malicious ones. To illustrate his concerns, Mysk created a rogue proof-of-concept app called KlipboardSpy and an iOS widget named KlipSpyWidget.