Security News > 2020
Note that it's more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, "Cybersecurity is a journey, not a destination," and that's why we have SAFER internet day - it's all about getting BETTER at cybersecurity, no matter how safe you think you are already.
Challenges firms are facing in adopting the framework; why NIST is considering additional guidance for small business.
Based on a recent survey of 110 US-based IT decision-makers, US Signal's "2020 State of Data Center Offerings" report cited security and compliance, backup and disaster recovery, and network availability as the top factors when selecting a third-party edge data center provider. Some 42% of those surveyed cited disaster recovery and backup availability as a key factor when evaluating edge data center providers.
For IT security professionals, automation is reducing stress levels in the short term but threatening job security in the future. At the same time, 51% of respondents believe that automation will cut the headcount in the security department, up from 30% in last year's study.
RSA Conference announced the addition of the RSAC Security Scholars Poster Pitch-Off to its RSAC AdvancedU programming. RSAC AdvancedU is a series of programs that provides outreach to college students to introduce and encourage a career in cybersecurity and supports education throughout the various stages of a career within the industry.
PayPal came in first of the 25 most impersonated brands in phishing attacks for the fourth quarter of 2019, according to a report released Tuesday by Vade Secure. Though PayPal-impersonated phishing attacks fell by 31% compared with the third quarter, the volume of such attacks rose by 23% from the last quarter of 2018.
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party; they are responsible for protecting the privacy of citizens and erasing the data after the elections are over.
PayPal remains the top brand impersonated in phishing attacks for the second quarter in a row, with Facebook taking the #2 spot and Microsoft coming in third, according to Vade Secure. For the second straight quarter, PayPal was the most impersonated brand in phishing attacks.
A vulnerability in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered. The vulnerability can also be triggered by a single, spoofed UDP packet to launch DoS attacks against those same vulnerable Jenkins servers, by forcing them into an infinite loop of replies that can't be stopped unless one of the servers is rebooted or has its Jenkins service restarted.
Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers. The flaw, an uncontrolled search path vulnerability that is being tracked as CVE-2020-5316, could allow a locally authenticated user with low privileges to "cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code," Dell wrote in its explanation of the bug.