Security News > 2020
EU companies aren't taking out insurance against attacks on online assets because the companies selling coverage aren't organised enough - while Brits are more likely to pay off ransomware crooks than others. The "What is covered" argument was sharply highlighted by a number of high-profile court cases brought by insurance companies against their own customers, in efforts to evade paying out in the aftermath of cyber incidents.
Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It's a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.
Iowa prosecutors have dropped trespassing charges against a pair of penetration testers who were contracted to test the electronic and physical security of three judicial facilities. "The arrests raise national awareness on the quiet war being waged against cybercrime, and the critical role red team penetration testing plays in defending the integrity of public and private sector commerce."
From exposing private data on Trello to critical iPhone bugs - and everything in between. It's weekly roundup time.
Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said. During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr's chief information security officer, admitted that NATO's secretary-general had floated the idea of a military response to the software nasty.
Joe Vennix of Apple security has found another significant vulnerability in the sudo utility that, under a specific configuration, could allow low-privileged users or malicious programs to execute arbitrary commands with administrative privileges on Linux or macOS systems. Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments.
Despite heading a company that provides a technological solution for stopping targeted email attacks, Evan Reiser, CEO of Abnormal Security, knows that technology is not the complete answer to the malicious email problem. "Some businesses are giving up on technology and defaulting to an awareness-based security program for detecting email attacks, but that sets them up for failure. Our brains are wired to look for patterns and repeat processes, so for something that we do daily like email, it's only a matter of time before an employee accidentally clicks a link from a 'trusted' company," he told Help Net Security.
The bug-hunters at Checkpoint have laid claim to the discovery and reporting of two serious, and now patched, security flaws in Microsoft Azure. Among the fixes are security updates for iOS and macOS, the two major operating systems from Cook and Co. While there aren't any massive risks posed by the patched flaws, users and admins should look to get the patches in place before malware writers begin to take aim at them.
Encryption is a popular topic among security professionals and occasionally a polarizing one. Disk-level encryption has nothing to do with internal user visibility - it's just one component of what should be a comprehensive approach to data security to protect against database-level data loss.