GAO Criticizes Pentagon Over Cyber Hygiene Efforts
2020-04-15 12:42

A report published this week by the U.S. Government Accountability Office shows that the Pentagon's cyber hygiene initiatives have not been completed and in some cases no one is keeping track of their progress. The GAO has reviewed three of the Department of Defense's initiatives aimed at improving the security of its networks, including the 2015 Cybersecurity Culture and Compliance Initiative, the 2015 Cyber Discipline Implementation Plan, and the Cyber Awareness Challenge training.

Identity Verification Provider Onfido Raises $100 Million
2020-04-15 11:15

Identity verification and authentication provider Onfido today announced the closing of a $100 million funding round that brings the total raised by the company to date to $200 million. With 400 employees, the company serves 1,500 companies worldwide.

Microsoft offers free threat notification service to healthcare, human rights organizations
2020-04-15 10:38

After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations. "Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law."

Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves
2020-04-15 10:00

Understandably, the end-to-end encrypted messaging app Signal has been signing up new users at "unprecedented" rates and flipping the switch on servers "faster than we ever anticipated," Signal's Joshua Lund said last week. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee 'best practices' that are extraordinarily unlikely to allow end-to-end encryption.

WordPress WooCommerce sites targeted by card swiper attacks
2020-04-15 09:38

Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files. That's according to web security company Sucuri, which has detailed a recent attack it was called in to investigate on a site that had experienced a mysterious spate of credit card fraud.

Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store
2020-04-15 07:01

Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. Some of the extensions, he said, were supported by fake five-star reviews; some internet good samaritans also tried to warn others that the extensions were malicious.

Apple: We respect your privacy so much we've revealed a little about what we can track when you use Maps
2020-04-15 06:24

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more than these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Application security: Getting it right, from the start
2020-04-15 05:30

Security testing data is "the unsung hero" of securing application development. Security vulnerabilities are functions of the application's design - either you used a library in building the application that was insecure, or you coded an application that was in some way insecure, or you have fundamental architectural security flaws.

Cybersecurity in a remote workplace: A joint effort
2020-04-15 05:00

Naturally, the question of security arises given the need to ensure that employees are well prepared for the challenges associated with remote work. These two security concerns alone highlight the importance of workers staying vigilant and maintaining security awareness in their everyday work.

Are we doing enough to protect connected cars?
2020-04-15 04:30

Hackers could remotely interfere with a connected vehicle and disrupt safety critical systems and functions including the engine, brakes, and steering wheel, causing the driver to lose control. As drivers crave more personalization and customization features, vehicles will be even more connected and will need the ability to host and process in-vehicle updates safely.