Security News > 2020

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly
2020-02-06 06:09

The researchers who developed this screen illumination scheme, Mordechai Guri, Dima Bykhovsky, and Yuval Elovici, have done previous side channel transmission work: exploring ultrasonic data leakage, an escape route for Faraday-caged computers; computer-smartphone data exchange via electrical fields; acoustic signaling using fan modulation; and covert signaling via keyboard lights, among other techniques. The latest paper from the trio, presented at the 12th CMI Conference on Cybersecurity and Privacy in November and just distributed via ArXiv, is called "BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness."

Chrome 80 Released With 56 Security Fixes
2020-02-06 06:04

Google this week released Chrome 80 to the stable channel with 56 vulnerability patches and various other improvements to user security. To better protect from cross-site request forgery attacks, Chrome 80 will enforce a new secure-by-default cookie classification system, where only cookies set as SameSite=None; Secure will be available in third-party contexts, as long as they are accessed from secure connections.

The Goldilocks principle for zero trust fraud prevention
2020-02-06 06:00

Having recently received just such a bombardment at one of the larger IAM conferences, I was curious about how well zero trust applies to fraud prevention. Although the zero trust framework is gaining momentum in the enterprise, its basic concepts have been the mainstay of fraud prevention in industries like insurance, finance and retail for a very long time.

Cyberattackers decreased their activity at the end of 2019, but only to change tactics
2020-02-06 05:30

Across the board, malicious cyber-activity was down partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity. This decrease in activity also tracks to the heightened malicious activity Nuspire researchers saw at the beginning of 2019.

FBI Reportedly Says DDoS Attack Targeted Voter Registration
2020-02-06 05:03

The FBI reportedly warned this week that attackers repeatedly attempted to disrupt a state's voter registration and information website with a distributed denial-of-service attack. On Tuesday, the FBI issued a Private Industry Notification that described the attempted DDoS attack, according to Bleeping Computer, which says it obtained a copy of the alert.

How IoT devices open a portal for chaos across the network
2020-02-06 05:00

Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox. Shadow IoT devices are defined as IoT devices or sensors in active use within an organization without IT's knowledge.

Acunetix 13 web app security scanner comes with many innovations
2020-02-06 03:00

Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. Scanning complex web applications using traditional web vulnerability scanners may take hours, having a serious impact on production site performance and internal processes.

NCP Secure Enterprise Management Server now supports 2FA through a web interface
2020-02-06 02:30

NCP engineering released version 5.30 of the Secure Enterprise Management Server, a central component of the NCP Next Generation Network Access Technology that serves as a single point of administration. With the NCP Secure Enterprise Management Server version 5.30, a Time-based One-time Password generated through the NCP Authenticator App can be used as an alternative to NCP's Advanced Authentication via SMS as a second factor.

Secure Code Warrior and Manicode Security to lead Learning Lab at RSA Conference 2020
2020-02-06 02:00

The RSA Conference Learning Labs are designed to offer full conference pass attendees facilitated experiences to immerse attendees in interactive exercises and discussions. Unlike a traditional track session being offered at the conference, Secure Code Warrior CEO Pieter Danhieux and Jim Manico, founder of Manicode Security, will serve as Lab facilitators or "Guides on the side," leading participants through the content and exercises, while challenging them to apply what they are learning and engage with one another.

Yahoo! hack! payout! nearly! approved! and! the! question! is! how! to! spend! 60! cents!?
2020-02-06 01:57

Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice, not three times, nor four times, but five times between 2012 and 2016. The proposed $117.5m settlement from the US class-action lawsuit brought back when Yahoo! actually existed is headed toward its final approval by a judge.