Security News > 2020

Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their vertical industry peers and take actions accordingly. Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment.

That AI still needed a set of - ahem - images to train itself on, which Bressler requested via Twitter. Bressler told Naked Security that it will also block pictures of female genitals although no tests of its effectiveness at doing this have yet been made public.

SIRP Security Score calculates an organization's security score based on a number of internal and external factors. "As enterprises struggle with sheer volume of threats and vulnerabilities, it is increasingly important to adopt a strategic, risk-based approach to threat response and vulnerability mitigation," said Faiz Shuja, CEO, SIRP. "We are excited to release the S3 Scoring module which enables organizations to analyze their security score and make timely risk-based decisions."

Popular cryptocurrency IOTA has temporarily shut down its entire network after a hacker stole funds from ten of its highest-value users. The IOTA team published an updated version on Sunday to fix the problem.

According to a team led by vpnMentor researchers Noam Rotem and Ran Locar, NextMotion's compromised database contained sensitive images of thousands of plastic surgery patients, uploaded via its devices and software. These images were often highly sensitive, showing patients' genitalia and other body parts.

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in Fortigate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Network VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing. Eclypsium researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop, which contains two vulnerable firmware mechanisms: Touchpad firmware and TrackPoint firmware.

Exploiting VPN Flaws to Compromise Enterprise Networks The primary attack vector employed by the Iranian groups has been the exploitation of unpatched VPN vulnerabilities to penetrate and steal information from target companies. Once the attackers gained lateral movement capabilities, the attackers move to the final stage: execute the backdoor to scan the compromised system for relevant information and exfiltrate the files back to the attacker by establishing a remote desktop connection or opening a socket-based connection to a hardcoded IP address.

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. Care critical devices that are directly connected to patients like infusion pumps, ventilation, anesthesia, patient monitoring and such obviously represent the most critical endpoints from a security perspective.

Yes, new skills are needed, but the session will also demystify the approach by looking at detailed use cases of how to respond to AWS-specific security incidents. A computer security mindset is essential to understanding the security of complex technological systems.