Security News > 2020

Cybersecurity has emerged as the top focus of upstream oil and gas companies' digital investments, according to a report from Accenture. The report suggests that the focus on cyber resilience is increasing sharply as oil companies seek to protect their assets and reputations.

As organizations progress through digital transformation initiatives, IT and business process optimization initiatives mature. Many organizations have moved beyond the basics of business process automation and are now scaling their digital footprint with cloud, containers, and orchestration.

Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their vertical industry peers and take actions accordingly. Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment.

Cynerio announced the addition of the virtual segmentation capability to their platform. The Cynerio platform's new virtual segmentation capability automatically delivers safe and effective policies in a matter of weeks by customizing segmentation policy for every device type, limiting the attack surface, and ensuring clinical services remain intact.

Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their industry vertical peers and take actions accordingly. Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment.

Providing managed security service providers with the world's best threat intelligence products, these additions offer extended benefits and accelerated growth opportunities to new and existing participants of the company's MSSP Partner Program. ScoutPRIME. A global attack surface management platform to help identify and manage potential security vulnerabilities associated with subsidiaries, partners, suppliers, and others outside of organizations' perimeter, it can be integrated with existing SIEM and big data solutions for a broader view and understanding of the potential impact of threats.

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in Fortigate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Network VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.

Google has removed more than 500 extensions from the Chrome Web Store after they were found performing covert data exfiltration activities. Independent security researcher Jamila Kaya and Cisco's Duo Labs originally identified a network of 70 copycat plugins with 1.7 million users that were infecting users' browsers and exfiltrating data.

The U.S. Cybersecurity Infrastructure and Security Agency has released its cybersecurity plan for the run-up to the 2020 presidential election, outlining the agency's role as a facilitator that will assist federal, state and local agencies in protecting critical election infrastructure. CISA, a unit of the U.S. Department of Homeland Security, will focus on protecting the election infrastructure as well as the infrastructure used by campaigns and political parties; making sure voters are protected from disinformation campaigns; and issuing warnings and responses related to foreign influence and hacking.