Week in review: API security risks, Office 365 security pain points
2020-02-23 10:30

Take your SOC to the next level of effectiveness: Organizations are turning to Breach and Attack Simulation integration with the SOC. BAS integration with SIEM and SOAR solutions enables SOC teams to continually evaluate the effectiveness of their security controls and improve the company's security posture with real-time, accurate metrics.

SecOps teams face challenges in understanding how security tools work: Security professionals are overconfident in their tools, with 50% reporting that they have experienced a security breach because one or more of their security products was not working as expected, according to Keysight.

Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast
2020-02-21 22:19

The underlying reason, when you think about it, is that when you make a system more and more efficient you constrain its ability to react to change. In essence, "Slack in the system" sustains you over the "Change period"; take out the slack and when change happens you fail.

Lawsuit Claims Google Collects Minors’ Locations, Browsing History
2020-02-21 21:17

The lawsuit alleges that Google has used the service to collect data of children using the service, including their physical locations, websites they visit, terms used in Google's search engine and videos watched on YouTube. In all of these cases, the lawsuit alleges, Google has not properly disclosed to users that it's collecting this data.

Active Attacks Target Popular Duplicator WordPress Plugin
2020-02-21 20:50

Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations. Researchers at Wordfence who discovered the in-the-wild attacks said in a post Thursday that 50,000 of those attacks occurred before Duplicator creator Snap Creek released a fix for the bug last week on Feb. 12 - so it was also exploited in the wild as a zero-day.

Ransomware Attack on EHR Vendor Impacts Home Health Chain
2020-02-21 20:48

A home healthcare company has filed 17 breach reports after a ransomware attack on its cloud-based electronic health records vendor last December, illustrating once again how a vendor breach can have a wide impact. Personal Touch Home Care, a Lake Success, New York-based provider that has 17 offices in six states, recently submitted the breach reports on behalf of its various locations to the U.S. Department of Health and Human Services, according to the HHS Office for Civil Rights' HIPAA Breach Reporting Tool website, which lists health data breaches affecting 500 or more individuals.

Duped into running bogus virus scans at Office Depot? Dry your eyes with a small check from $35m settlement
2020-02-21 20:36

Victims of dodgy IT support from Office Depot will start receiving compensation checks, a US consumer watchdog said Thursday. The payouts come from a 2019 settlement the retail giant reached with the FTC, after the biz was accused of letting employees and a computer support provider trick punters into paying for unneeded malware cleanup and security software.

5 best practices for IIoT project success
2020-02-21 20:24

Based on the results of these testbed proofs-of-concept, today the IIC released a white paper, A Compilation of Testbed Results: Toward Best Practices for Developing and Deploying IIoT Solutions, detailing the best practices companies should adopt to ensure successful IIoT deployments. What isn't different are the best practices organizations can adopt to ensure that the early stages of IIoT development and deployment go as smoothly and successfully as possible.

MGM Hotel breach highlights need for sophisticated cloud security
2020-02-21 20:18

On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach. In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details, which include full names, home addresses, phone numbers, emails and dates of birth, for 10,683,188 former hotel guests, including Justin Bieber and Twitter CEO Jack Dorsey.

Inrupt, Tim Berners-Lee's Solid, and Me
2020-02-21 20:04

All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee's distributed data ownership model that is Solid into the mainstream. If you want your insurance company to have access to your fitness data, you grant it through your pod.

92% of Americans would delete an app that sold their personal information
2020-02-21 19:30

Most Americans are worried about how companies and governments will use technology like facial recognition and encryption, and how it will affect their data and security, according to a new survey from VPN provider ExpressVPN. The survey of 1,200 adults revealed Americans' deep concern for online privacy and that they do not support the encryption backdoors required by the US government. If they found out their personal information had been sold to a third party, 92% of Americans would delete a regularly used app.