Security News > 2020
A pair of misconfigured cloud-hosted file silos have left thousands of people's sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.
Software AG announced the appointment of Dr. Matthias Heiden as its new Chief Financial Officer. Software AG's Chairman of the Supervisory Board Dr. Andreas Bereczky said: "I would like to take this opportunity to welcome Dr. Heiden to Software AG. His track record gives him an excellent understanding of how software businesses run; combined with new CFO DNA, I am certain he will make an outstanding contribution to Software AG."
iPipeline - a leading provider of cloud-based software solutions for the life insurance and financial services industry - announced the appointment of Daphne Thomas to the role of Chief Operating Officer. Daphne has served as EVP of Professional Services and Chief Transformation Officer at iPipeline for 12 years.
Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site's backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers from WebArx who created proof-of-concept attacks to exploit the vulnerability.
Billions of internet-connected devices and the introduction of 5G are transforming the way cities and municipalities care for their citizens. Join Dave Masson, Director of Enterprise Cyber Security at Darktrace and Craig Brown, Chief Innovation Officer of the City of Westland, as they explain how artificial intelligence can detect and respond to cyber-threats targeting the public sector.
Perhaps the most notable of the emerging security models is zero trust. "Zero trust" is a phrase first coined by John Kindervag of Forrester in 2010 to describe the need to move security leaders away from a failed perimeter-centric approach and guide them to a model that relies on continuous verification of trust across every device, user and application.
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency. Microsoft's January Patch Tuesday security bulletin disclosed the "Important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.
With the complexity of consumer devices only increasing, contextual security should be a priority for all – a situation which would avoid password shaming.
The Department of Health and Human Services has issued a draft of a five-year strategic health IT plan that is largely focused on providing patients with secure access to their health information as well as supporting secure, interoperable health information exchange among healthcare providers. The 28-page draft document released Wednesday is "An outline for federal health information technology goals and objectives to ensure that individuals have access to their electronic health information to help enable them to manage their health and shop for care," says the HHS Office of the National Coordinator for Health IT. "The draft federal strategic plan supports the provisions in the 21st Century Cures Act that will help to bring electronic health information into the hands of patients through smartphone applications," said Don Rucker, M.D., national coordinator for health IT. ONC is accepting public comment on the draft plan until March 18.