Security News > 2020

That's the simple way that Google started its Super Bowl ad, which featured an elderly man's voice as he asked Google Assistant to help him remember details about his late wife. Google's Super Bowl spot featured no celebrities.

OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10. Google offers its own Titan security key for two-factor authentication with FIDO U2F and using this or an alternative device goes a long way to protect an account from unauthorised access or takeover.

OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10. Google offers its own Titan security key for two-factor authentication with FIDO U2F and using this or an alternative device goes a long way to protect an account from unauthorised access or takeover.

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident. A notice posted on the Toll website to inform customers about the incident promised regular updates, but many were displeased with the fact that the first update came only several days later.

A Twitter API could have enabled outsiders to match users' phone numbers to their corresponding accounts and potentially unmask anonymous users of the social media site. Still, many users who wanted better account security have likely given their phone numbers to Twitter.

Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which "Some videos in Google Photos [service] were incorrectly exported to unrelated user's archives."

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. That is the same day that security researcher Ibrahim Balic revealed he had managed to match 17 million phone numbers to Twitter accounts by uploading a list of two billion automatically generated phone numbers to Twitter's contact upload feature, and match them to usernames.

How can you make a proactive business case for justifying expenses that advance your security program? I have a few suggestions based on my prior consulting experience and my recent work as a CISO at a cybersecurity firm. Security practitioners used to point to the need for defense-in-depth when explaining why the organization should fund yet another cybersecurity measure.

Based on a survey of more than 4,600 enterprise security practitioners around the globe, the study explores the extent to which organizations prioritize security, the effectiveness of current security efforts, and the impact of new security-related investments. From detailed modeling of cybersecurity performance, the study identified a group of elite "Leaders" - 17% of the research sample - that achieve significantly better results from their cybersecurity technology investments than other organizations.

Criminals sometimes damage their mobile phones in an attempt to destroy data. Manufacturers use those taps to test their circuit boards, but by soldering wires onto them, forensic investigators can extract data from the chips.