RSA Conference 2020: Product Announcement Summary (Day 1)
2020-02-24 20:54

Cisco unveiled SecureX, a new cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. Checkmarx announced a new orchestration module for its software security platform that integrates with application release orchestration and agile planning tools.

Irish Privacy Report Gives Glimpse Into GDPR Investigations
2020-02-24 19:03

A newly released report offers a glimpse into how European Union authorities are applying the General Data Protection Regulation to some of the biggest U.S. technology firms, including social media giants Facebook and Twitter. What makes Ireland a bellwether for GDPR is that many U.S. technology firms, including Apple, Facebook and Google, have designated Ireland as their "main establishment" in the EU. Under GDPR, that enables them to qualify for a one-stop-shop mechanism, which ensures that the data protection authority in that country takes the lead on any EU privacy investigations.

Google reveals new cloud security features at RSA 2020
2020-02-24 18:38

Google's reCAPTCHA Enterprise and Web Risk API get a general release; Chronicle Security gets boosts from new threat detection and timelining features. Google has made a number of security announcements at RSA 2020, including upgrades to its Chronicle Security platform and the general release of its reCAPTCHA Enterprise and Web Risk API tools.

Financial services companies are ahead in hybrid cloud deployments
2020-02-24 18:07

With security as the guiding factor, financial services companies are ahead of all other industries in deploying hybrid clouds, but they lag behind others in their use of multi-public cloud services, according to a newly released report. The report was focused on cloud deployments and planning trends in the financial services industry.

Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks
2020-02-24 17:30

Researchers from Cisco's Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa. According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization's industrial systems.

Zyxel Fixes 0day in Network Storage Devices
2020-02-24 17:13

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage devices that can be used to remotely commandeer them. Holden said the seller of the exploit code - a ne'er-do-well who goes by the nickname "500mhz" - is known for being reliable and thorough in his sales of 0day exploits.

BEC Group Favors G-Suite, Physical Checks: Report
2020-02-24 17:03

Like many other BEC scammers, this group primarily runs its activities from Nigeria, but it also has operations in Ghana and Kenya, according to the report. Although the BEC gang originally focused on more traditional check fraud when it started operations in 2013, the group switched to BEC schemes starting around mid-2017, the researchers determined.

Mismanagement of Device Identities Could Cost Businesses Billions: Report
2020-02-24 15:51

Breach reports rarely specify the part played by SSH abuse, even though attackers use compromised machine identities to hide their malicious activity, evade security controls and steal a wide range of confidential data. In a report sponsored by cryptographic key and digital certificate management firm Venafi, AIR Worldwide suggests the cost to U.S. business is between $15 billion and $21 billion, or between 9% and 13% of the total U.S. economic loss caused by cyber events.

FBI Makes Arrest in DDoS Attack on Candidate's Website
2020-02-24 15:33

The FBI has arrested a suspect who's charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California. The FBI's criminal complaint in the case claims that Arthur Jan Dam, who lives in California, conducted four DDoS attacks between April 20, 2018, and May 29, 2018, against the campaign website of an unnamed Democratic primary candidate for the U.S. House of Representatives in California who ultimately lost.

Canada Privacy Watchdog Probes Facial Recognition Startup
2020-02-24 14:49

Canada's privacy watchdog on Friday announced an investigation into a US software startup reportedly capable of matching images of unknown faces to photos it mined from millions of websites and social media networks. In a statement, the Office of the Privacy Commissioner said Clearview AI's collection and stockpiling of more than three billion photos potentially violated Canadian law, if the photos were obtained without permission.