Security News > 2020

As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It's a day to think about changes you can make in your digital life that will keep you safer today, and tomorrow, and the day after, and the day after that.

Here are 10 important tasks security administrators should perform to keep devices protected and secure. While it is easy for users to focus solely on protecting computers and their devices, security admins are tasked with managing the overall landscape-including LAN/WAN, services, the devices used to access those services, and the most unpredictable factor of them all: The end user.

Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday. The LoRa Alliance, the non-profit organization behind the LoRaWAN standard, says there are currently well over 100 million devices using LoRaWAN all around the world and it estimates that the number will reach 730 million by 2023.

The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets connected to the web more secure. The Department of Digital, Culture, Media and Sport said it will require makers of IoT hardware to ship devices with unique passwords that cannot be reset to a factory default setting.

The second edition of the DEF CON China hacking conference has been put on hold as the country is fighting the coronavirus outbreak. The outbreak is prompting China to put several cities in lockdown.

Cybersecurity professionals face a major challenge of reducing dwell time - the time it takes to identify an attacker inside your network, establishing a foothold, escalating privileges, moving laterally, and even exfiltrating data or locking down your machines in a ransomware attack. In order to decrease system risk and network costs, every effort should be made to identify the attacker earlier in the timeline.

Learn how to avoid saving your Docker login credentials in plain text by creating an encrypted credential storage.

San Francisco-based startup AppOmni has raised $10 million in Series A funding round led by ClearSky and supported by existing investors Costanoa Ventures, Silicon Valley Data Capital, and Twilio's COO George Hu. This brings the total raised by the firm to $13 million. The problem is the sheer volume of SaaS applications used by businesses - dozens for smaller companies and hundreds for the larger enterprises - all of which have different security controls sometimes with user manuals running to a hundred or more pages.

While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor. According to the SANS 2019 Incident Response survey, 52.6% of organizations had an MTTD of less than 24 hours, while 81.4% had an MTTD of 30 days or less.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items," Simeon Vincent, extensions developer advocate at Google, explains.