Security News > 2020
Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill.
"Elite" hackers have tried - and failed - to breach computer systems and networks of the World Health Organization earlier this month, Reuters reported on Monday. The Canadian Centre for Cyber Security has also been warning Canadian health organizations about cyber criminals and spies.
On Sunday, the US Department of Justice announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion and widespread fear surrounding COVID-19 - by promising to ship coronavirus vaccine kits that don't actually exist. There are currently no legitimate COVID-19 vaccines and the WHO is not distributing any such vaccine.
"It is hard or impossible to predict just how many times of skipping a good brushing it takes to get you in trouble with tooth pain, so we tend to take on more risk until we end up getting toothache and regret not investing enough on proactive maintenance," Ehsan Foroughi, Vice President of Products at Security Compass, told Help Net Security. "Proper security hygiene, when done in the traditional way, gets in the way of agility and creates the dilemma: should we take on risk to move fast in the business, or should we slow down and do the right thing? Unfortunately, human nature pushes many to choose the fast and risky approach which leaves them with a ticking time-bomb of a security incident waiting to happen."
IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers' offices is impossible. Cynet 360, a tool of choice for a number of IR providers, enables responders to compensate on the lack of physical access with the ability to conduct a full IR operation remotely by seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services.
Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region. Python backdoor scripts are easy to find - a simple GitHub search turns up more than 200.
Research from the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity found that people are more likely to lose money to a scam when they are socially or physically isolated from others, if they are actively engaging online, and if they are financially vulnerable. "According to our research, social isolation is a key risk factor for susceptibility to scams, as is financial vulnerability," said Melissa Lanning Trumpower, executive director of the BBB Institute for Marketplace Trust, BBB's foundation that conducted the research.
More than two-fifths of organizations experience false positive alerts in more than 20% of cases, while 15% reported more than half of their security alerts are false positives. On average, respondents indicated 26% of alerts fielded by their organization are false positives, a Neustar repot reveals.
"As the COVID-19 crisis disrupts organizations across the globe, HR leaders must respond quickly and comprehensively, considering both immediate and long-term talent consequences," said Brian Kropp, chief of research for the Gartner HR practice. A greater percentage of organizations plan to reduce work for external partners rather than employees - one-fifth of organizations plan to stop or limit consultant spend and/or reduce the number of contract workers.
United Microelectronics Corporation, a leading global semiconductor foundry, and Faraday Technology Corporation, a leading ASIC design service and IP provider, announced that Faraday's 28Gbps programmable SerDes PHY is now available on UMC's 28HPC process technology. UMC's 28HPC process stands out as an easy-to-adopt platform to realize high-speed interface designs; thus this 28nm 28G SerDes can significantly shorten chip design cycle times to more readily enable the infrastructure for 100G Ethernet, PCIe 4.0, 5G, and most xPON applications.