Security News > 2020

Office printers don't have to be security threats: with foresight and maintenance they're very easily threat-proofed. Hackers haven't forgotten about printers - not by a long shot.

New research from Tanium reveals that 72 percent of US CIOs find previously undiscovered computing devices on a daily or weekly basis. Even if remote unprotected endpoints are identified, they may be left unfixed due to the considerable bandwidth and time required to connect them via VPN to a centralized patch management solution.

The same problem could occur with a Word document synced through Dropbox or with any number of other legitimate SaaS applications that store data in the cloud. How to improve your SaaS security What can you do to improve the sanctioning processes, compliance, and security of your SaaS applications? Aside from doing your due diligence in researching service providers, here are some suggestions.

Fraud guides accounted for nearly half of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs. Researchers surveyed three major dark web marketplaces: "The Canadian HeadQuarters", "Empire Market" and "White House Market," sorting all data listings into six categories: personal data, payment cards, financial accounts and credentials, non-financial accounts and credentials, fraud guides and fraud tools and templates.

The United States Cybersecurity and Infrastructure Security Agency yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution vulnerability in Pulse Secure VPN servers-even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director. The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges.

NUS researchers Prof Massimo Alioto and Mr Sachin Taneja testing the self-healing and self-concealing PUF for hardware security. Prof Alioto elaborated, "On-chip sensing, as well as machine learning and adaptation, allow us to raise the bar in chip security at significantly lower cost. As a result, PUFs can be deployed in every silicon system on earth, democratising hardware security even under tight cost constraints."

Cohesity announced a mobile app that gives busy IT staff a simple way to manage all of their Cohesity clusters right from the palm of their hand. The Cohesity Helios mobile app empowers IT staff to monitor the health and performance of their Cohesity infrastructure, easily manage support cases, and get alerts about anomalies, including potential ransomware attacks to their production environment, while on the go.

Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. Zero Use of Location Data Unlike existing apps developed by different countries that use real-time location tracking to enforce quarantine rules, the proposed system doesn't involve tracking user locations or other identifying data.

Enveil, the pioneering data security company protecting Data in Use, announced the release of its encrypted machine learning product, ZeroReveal Machine Learning, the first adaptable, market-ready solution allowing organizations to process data against an encrypted machine learning model. Building on the success of its ZeroReveal Search solution, Enveil ZeroReveal ML fundamentally changes the paradigm of secure data usage by allowing organizations to enable advanced decisioning through collaborative and federated machine learning in a secure and private capacity.