Security News > 2020

Enterprise SOC-as-a-Service company Cysiv this week announced that it has raised $26 million in a Series A funding round. Cysiv has spun out of Trend Micro and is now an independent company.

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy SDKs offered by seven system-on-a-chip vendors. "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing," explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.

The Chinese company Huawei can secretly tap into communications through the networking equipment it sells globally, a U.S. official charged as the White House stepped up efforts to persuade allies to ban the gear from next-generation cellular networks. The Trump administration has been lobbying for more than a year to persuade allies to exclude Huawei equipment from their next-generation cellular networks, known as 5G. Britain and the European Union have declined to impose an outright ban, however.

Some of the efforts Google has made over the past few years to bolster the security of Android app users as well as the mobile apps available on its Google Play store are starting to work, according to the tech giant. "Over the last few years we've made the trust and safety of Google Play a top priority, and have continued our investments and improvements in our abuse detection systems, policies, and teams to fight against bad apps and malicious actors," Andrew Ahn, Product Manager, Google Play and Android App Safety, wrote in a blog post this week.

Nest owners, if you aren't already flying with two-factor authentication on your accounts, get ready for Google to push you into spreading those security wings. On Tuesday - which, appropriately enough, was Safer Internet Day - Google announced that in the spring, it will start forcing users of its Nest webcams and other products to use 2FA to secure their accounts.

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 65 has been released today. It’s a free download, no registration...

Overall, 74 percent agree that automation enables IT security staff to focus on more serious vulnerabilities and overall network security. Interestingly, automation highlights a renewed focus on the importance of the human role in security.

60% of initial entries into victims' networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, according to a new IBM report exploring the global threat landscape. "The amount of exposed records that we're seeing today means that cybercriminals are getting their hands on more keys to our homes and businesses. Attackers won't need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials," said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence.

Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals. Of additional concern for banks, 66 percent of dark market vendors sell stolen financial products and compromised accounts for cryptocurrency.

62 percent of employees are unsure if their organization has to comply with the recently-enacted CCPA, which gives California residents enhanced consumer data privacy rights, according to a survey of more than 1,000 employees conducted by Osterman Research. "To adequately protect consumer data, companies must quickly transform employees from bystanders into security advocates, and that begins with awareness programs that engage employees and reinforce behaviors that align with security and compliance goals."