Security News > 2020

The problem of finding software vulnerabilities seems well-suited for ML systems. Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like.

Professional services company Cognizant has fallen victim to a cyber-attack which appears to have been the work of the Maze ransomware operators. With roughly 300,000 employees around the world, Cognizant ranked 193 on the Fortune 500 list in 2019.

This week in The Reg's security roundup of the notable bits beyond what we've already covered, the Tor Project has cut back to its core team, Zoom has called in the big security guns, US tech firms are taking on its Congress - and more. First off, it has been a bad weekend for 13 staffers at the nonprofit Tor Project after they were let go as the team was reduced to core operations only.

From the critical bug in Google Chrome to Signal's fears over the EARN Act, get yourself up to date with everything we've written in the last week.

Security standards for defence contractors have been lowered thanks to the coronavirus outbreak, Britain's Ministry of Defence has told its suppliers. In an Industry Security Notice published to an obscure corner of GOV.UK, the ministry said it is suspending the need for its suppliers to have the Cyber Essentials Plus security certification.

European efforts to define a contact-tracing protocol aimed at making it easier for authorities to detect cases of COVID-19 appear to be having a rather vivid disagreement. One of the efforts is the Pan-European Privacy-Preserving Proximity Tracing group, a Germany-based effort to develop a contact-tracing protocol.

To address these challenges, cloud providers have introduced support for Bring Your Own Key that allows organizations to encrypt data inside cloud services with their own keys while still continuing to leverage the cloud provider's native encryption services to protect their data. Even with BYOK, keys still exist in the cloud providers' key management service.

As should be evident to anyone in the cyber security industry, the wide range of available web security solutions from commercial vendors will necessarily have varying degrees of effectiveness against different threats. Once a bad script finds its way past the IDS/IPS onto a client browser, the malware can run without the gateway security having any idea it is occurring.

Field Programmable Gate Arrays, FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications. Attackers can gain complete control over the chips and their functionalities via the vulnerability.

There has been an increasing number of high-volume attacks in Q1 2020, with 51 attacks over 50 Gbps. The average bandwidth of attacks also rose, reaching 5,0 Gbps versus 4,3 Gbps in the same quarter in 2019. Key findings Maximum bandwidth nearly doubles: In Q1 2020, the maximum bandwidth nearly doubled in comparison to the previous year; the biggest attack stopped was 406 Gbps. In Q1 2019 the maximum bandwidth peaked at 224 Gbps. Complex multi-vector attacks rising: The share of multi-vector attacks rose to 64% in Q1 2020 up from 47% in Q1 2019.