Security News > 2020
It's critical to understand the existing gaps and bottlenecks within organizations that make the infrastructure vulnerable to attacks and make detection difficult. Effective ways to align your resources to enhance your incident response effort.
Security leaders can no longer adopt the role of enforcer, but rather need to pivot to a new role: the enabler. Security leaders must now be able to transform their security practices in lockstep with all the other changes wrought by business-wide digital transformation.
Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users. David Rupprecht and Dr. Katharina Kohls from the Chair of System Security developed attacks to exploit security gaps in the mobile phone standard LTE. "An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them," illustrates Professor Thorsten Holz from Horst Görtz Institute for IT Security, who discovered the vulnerability together with David Rupprecht, Dr. Katharina Kohls and Professor Christina Pöpper.
Bug disclosure service HackerOne was in the rare position of publicizing one of its own security holes this week after a researcher discovered a flaw that was exposing some user email addresses. Tenable says Microsoft won't fix Group Policy bug.
IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions.
Organizations are detecting and containing attacks faster as the global median dwell time, defined as the duration between the start of a cyber intrusion and it being identified, was 56 days. Consultants attribute this trend to organizations improving their detection programs, as well as changes in attacker behaviors such as the continued rise in disruptive attacks which often have shorter dwell times than other attack types.
IoT is barreling toward the enterprise, but organizations remain highly vulnerable to IoT-based attacks, according to Extreme Networks. The report, which surveyed 540 IT professionals across industries in North America, Europe, and Asia Pacific, found that 84% of organizations have IoT devices on their corporate networks.
78% think employees have put data at risk accidentally in the past 12 months and 75% think employees have put data at risk intentionally. "While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable."
The Ultimate Security Pros' Checklist provides you with a concise and actionable way to keep track of all your operational, management and reporting tasks. This checklist fully maps the core duties of common security positions - CISO/CIO, Director of Security, Security Architect and SOC manager - to a list of checkboxes.
Without sophisticated security solutions that address the diverse threats posed to connected devices and systems, this potential is at risk of getting squandered. Innodisk is unveiling a security and performance-oriented suite of products from across its flash storage, embedded peripheral, and DRAM product lines.