Security News > 2020

Passwords have been an industry standard and industry headache for decades. Several industry experts discussed the challenges of and solutions to passwords.

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image when victim accesses their online banking account.

In what was surely a very serious piece of research and not just an excuse to set stuff ablaze, the team at the aptly-named CoalFire have demonstrated how a 3D printer could be tricked into bursting into flames remotely. By hijacking the firmware update process of a 3D printer called the Flashforge Finder, a miscreant could potentially flash the machine's software to remove its temperature constraints.

A recent survey of security operations effectiveness found that just 37 percent of security professionals have hard evidence to verify their security products are configured and operating correctly. It's critical that organizations implement an in-depth testing strategy to close these security gaps and cut the risk of being breached, rather than simply trusting and hoping their security products are performing as expected.

The Information Security Forum predicts the coming threats with a very good track record so far. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.

San Jose, Calif.-based cloud security firm Zscaler said it will acquire Redmond, Wash.-based startup Cloudneeti for an undisclosed sum. Cloudneeti offers cloud security posture management to prevent and remediate misconfigurations in SaaS, IaaS and PaaS. "Cloudneeti augments Zscaler's data protection capabilities and will dramatically improve organizations' cloud security by discovering and eliminating some of the most common causes of data breaches and compliance violations," said Jay Chaudhry, Chairman and CEO of Zscaler.

Hackers managed to breach two websites pertaining to the San Francisco International Airport in March 2020, the airport has revealed. The incident involved SFOConnect.com and SFOConstruction.com, two low-traffic websites designed to keep visitors informed on a variety of SFO-related topics, such as the COVID-19 crisis, alternate AirTrain routing, airfield operations, airport construction contracts, and the like.

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Fourth, the public health authorities need geographical data for purposes other than contact tracing - such as to tell the army where to build more field hospitals, and to plan shipments of scarce personal protective equipment.