Security News > 2020

Automation is transforming the enterprise around the globe, directly impacting the bottom line as a result of improved productivity and efficiency, according to UiPath. Automation's impact on the workplace is not well understood and cannot be ignored: automation raises concerns about the impact on jobs, skills, wages, and the nature of work itself.

This is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs and MSPs to provide managed security service with zero investment in hardware or personnel. The barriers to become an MSSP. The main obstacle to entering the MSSP market is a lack of prior security experience.

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved in their contacts with twitter accounts.

Zyxel Communications launched the ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for small and medium businesses. The flagship of the growing Zyxel family of ZyWALL VPN firewalls, VPN1000 is an integrated security solution that combines a powerful firewall with high-performance VPN tunnel capabilities to protect the local network against threats and safeguard data communications between multiple locations or hybrid clouds.

Trend Micro, a global leader in cybersecurity solutions, announced that it will collaborate with Baker Hughes' Nexus Controls operational technology security experts through a strategic framework agreement, signed in late 2019. Under the terms of the agreement, Trend Micro and Baker Hughes plan to work together to help mitigate these and other cyber-risks in support of IT and security leaders looking to drive digital transformation success.

The chair of the House Energy and Commerce Committee - which oversees the FCC - Frank Pallone issued a statement: "Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers' real-time location data. This is certainly a step in the right direction, but I'll be watching to make sure the FCC doesn't just let these lawbreakers off the hook with a slap on the wrist." For her part, Commissioner Rosenworcel put out a statement saying: "For more than a year, the FCC was silent after news reports alerted us that for just a few hundred dollars, shady middlemen could sell your location within a few hundred meters based on your wireless phone data."

"We are more interested in ransomware that models behavior that we saw in the WannaCry attacks, where ransomware can exploit a vulnerability and propagate across a network," Ekstrom, who helped work on the documents, tells Information Security Media Group. One significant reason why NIST created these practice guidelines now is that the nature of ransomware has changed over the last two years, Ekstrom says.

A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. AZORult is remote access trojan popular on Russian forums and most recently spotted last month in a spam campaign perpetrated by a hacker with an affinity toward singer-songwriter Drake.

Hackers are actively targeting a vulnerability in Linear eMerge E3 access controllers to infect the devices with malware and abuse them to launch distributed denial-of-service attacks, SonicWall revealed over the weekend. A Nortek Security and Control LLC product, the Linear eMerge E3 access controller is used in the commercial, industrial, banking, medical, retail, and hospitality sectors to manage user access to specific facilities or areas.

The Mobileye 630 PRO and Tesla's HW 2.5 autopilot system, which comes embedded in the Tesla Model X. On the scale of level 0 to level 5, these two systems are considered "Level 2" automation. In one instance, researchers showed how they were able to cause the Tesla Model X to brake suddenly due to a phantom image, perceived as a person, projected in front of the car.