NIST 800-171 & Why Organizations Need Password Similarity Blocking in Active Directory
2020-01-07 21:33

Other organizations are also adopting NIST password guidelines and security protocols because they reduce the risk for most organizations. It is easy for administrators to enforce a minimum password complexity with the standard Active Directory functionality, but enforcing character changes is more complex.

Preparing for Potential Iranian 'Wiper' Attacks
2020-01-07 21:33

As a result, organizations - especially healthcare entities and units of government that have been particularly vulnerable to ransomware attacks - need to be on guard against destructive "Wiper" attacks along the lines of those waged earlier by Iran, says Caleb Barlow, CEO of the security consultancy CynergisTek. Those attacks could be carried out not just by attackers affiliated with the nation-state, but also by rogue hackers who sympathize with the Iranian government, he says in an in-depth interview with Information Security Media Group.

Google Fixes Critical Android RCE Flaw
2020-01-07 20:50

Google kicked off its first Android Security Bulletin of 2020 by patching a critical flaw in its Android operating system, which, if exploited, could allow a remote attacker to execute code. Google said its critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.

Yeah, says Google Project Zero, when you think about it, going public with exploit deets immediately after a patch is emitted isn't such a great idea
2020-01-07 20:22

Patting itself on its back for motivating software makers to fix 97.7 per cent of the vulnerabilities it identifies within its 90-day disclosure deadline, Google's bug-hunting unit Project Zero has decided to ease up on those racing to patch their flawed products. As a result of the amended policy, vulnerability details will remain undisclosed for a longer period of time, giving developers enough time to fix their code, and netizens to test and install the patches, before Googlers make technical details and proof-of-concept exploits public for all to see.

Insight Partners' Latest Purchase: IoT Security Firm Armis
2020-01-07 19:33

Private equity firm Insight Partners plans to acquire yet another security company. Insight Partners had previously invested in Armis; other investors have included Sequoia Capital, Bain Capital Ventures and Red Dot Capital Partners.

How to set up facial recognition to sign into Windows 10
2020-01-07 18:54

Only certain cameras support Windows Hello facial recognition, and you have to set up the feature for it to scan and recognize your face. On the plus side, if you're able to set up facial recognition, you can use it for more than just signing in to Windows 10.

Sodinokibi Ransomware Behind Travelex Fiasco: Report
2020-01-07 17:04

The Sodinokibi ransomware strain is apparently behind the New Year's Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services. The attack could have been successful in part because Travelex took several months to patch critical vulnerabilities in its Pulse Secure VPN servers, according to Bad Packets.

Iranian Cyberattacks: 10 Must-Have Defenses
2020-01-07 17:03

Organizations should long ago have put in place multifactor authentication and a breach response plan and continued to actively shore up any defenses that are lagging. Here's the U.S. government once again warning organizations that support critical infrastructure to do the basics.

Accenture pays for CSS injection from Symantec parent Broadcom: Yep, it bought its cybersecurity arm
2020-01-07 16:47

Symantec's parent Broadcom has offloaded its Cyber Security Services operation to Accenture for an undisclosed sum. Some 300 staff are employed by the security services division, and presumably most, if not all, will shuffle off to their new employer in March, when the buy clears.

Mimecast Acquires Threat Protection Provider Segasec
2020-01-07 16:46

Email and data security company Mimecast on Monday announced the acquisition of threat protection solutions provider Segasec. The acquisition, Mimecast says, is expected to help it better defend customers against fake websites that aim to harvest the credentials of their customers, employees, partners, and third-party vendors within their supply chains.