Security News > 2020

As a venture capital investor who was previously a Chief Information Security Officer, I have noticed an interesting phenomenon: although cybersecurity makes the news often and is top of mind for consumers and business customers, it doesn't always get the attention it deserves by the board of directors. Even on a macro level, security concepts might be difficult to fully understand, so a short and dedicated security training for the board can come in handy.

In 2019 the total number of records exposed increased by 284% compared to 2018, according to Risk Based Security. In total, there were over 15.1 billion records exposed shattering industry projections.

83% of IT security professionals feel more overworked going into 2020 than they were at the beginning of 2019, and 82% said their teams were understaffed, according to a Tripwire survey. The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals.

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party and are responsible for protecting the privacy of their citizens and erasing it after the elections are over.

Download this 11-page e-book with eight real-world use cases to see how security orchestration, automation and response can improve your team's productivity and efficiency by automating security operations workflows. The following use cases are described in the e-book, but SOAR can address an unlimited number of use cases and automate 80-90 percent of your security team's typically manual tasks.

The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. While the DOJ's announcement today portrays Equifax in a somewhat sympathetic light, it's important to remember that Equifax repeatedly has proven itself an extremely poor steward of the highly sensitive information that it holds on most Americans.

A kernel-level Windows driver for old PC motherboards has been abused by criminals to silently disable antivirus protections, and hold files to ransom. When the ransomware infects a computer - either by some other exploit or by tricking a victim into running it - and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.

ZeroFOX, the leading provider of public attack surface protection, announced it has extended its artificial intelligence powered platform to now include advanced protection capabilities to solve intractable challenges in the cloud email security market and complement existing email security. The ZeroFOX Advanced Email Protection suite includes capabilities that address Business Email Compromise Protection for Google's G Suite and Microsoft's Office 365 platforms, which identifies impersonation-based attacks targeting employees.

Accenture now provides its Cyber Incident Response Service to help AXA XL's clients respond to and recover from cyberattacks. In the event of an attack, AXA XL clients will now have access to Accenture Security's global network of cybersecurity expertise and technology solutions to help resolve cyber incidents.

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords."