Security News > 2020

Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention. According to a HackerOne bug-bounty report, a HTTP Request Smuggling bug, in a proof-of-concept, was used to force open-redirects within Slack, leading users to a rogue client outfitted with Slack domain cookies.

Mozilla has released updates for its Firefox web browser to patch two critical use-after-free vulnerabilities that have been exploited in attacks. Both flaws have been addressed with the release of Firefox 74.0.1 and Firefox ESR 68.6.1.

The UK Information Commissioner's Office has yet again postponed its £280m in fines against British Airways and Marriott Hotels for data leaks. The fines were handed to both companies following damaging and widely publicised digital break-ins affecting millions of people around the world.

From Marriott International's huge data breach to whether Houseparty has really hacked you - it's roundup time.

Countering cyber-threats is a constant game of cat and mouse and hackers always want to get the maximum reward from the minimum effort, tweaking known attack methods as soon as these are detected by the AI. CTOs therefore need to make sure that the AI system is routinely exercised and fed new data and that the algorithms are trained to understand the new data. AI is based on heuristics whereas machine learning requires a lot of data and algorithms that must be trained to learn the data and provide insights that will help to make decisions.

That's why, despite TLS 1.3 being around since 2018 and offering greater security that TLS 1.2, the latter that remains the de facto standard. The TLS 1.2 protocol took multiple round trips between client and server, while TLS 1.3 is a much smoother process that requires only one trip.

Cybercrime is evolving since criminals have been quick to seize opportunities to exploit the pandemic by adapting their tactics and engaging in new criminal activities. Cybercriminals have been among the most adept at exploiting the pandemic.

Total end-user spending on IT infrastructure products for cloud environments, including public and private cloud, recovered in the fourth quarter of 2019 after two consecutive quarters of decline, according to IDC. The 12.4% year-over-year growth in 4Q19 yielded $19.4 billion in spending. In 4Q19, growth in spending on cloud IT infrastructure was driven by the public cloud segment, which grew 14.5% year over year to $13.3 billion; private cloud grew 8.2% to $6.1 billion.

Ivanti, the company that unifies IT to better manage and secure the digital workplace, announced the expansion of its growing portfolio of enterprise service management solutions with the launch of Ivanti Assistants which enable endpoint self-healing capabilities. "Ivanti Assistants are a new family of cloud-based automation bots that provide endpoint self-healing capabilities and give IT organizations their very own 24/7 virtual support team," said Ian Aitchison, senior product director at Ivanti.

Lightstep, the leading provider of observability software for organizations adopting microservices and serverless, announced the release of its best-in-class observability solution to help developers better understand the health of systems and services. New analysis features provide developers with the fastest and most effective way to investigate errors, understand service health issues, and predict the impact of new deployments.