Security News > 2021 > March

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.

Email spoofing is used in phishing attacks to trick users into believing the message is from a person or entity they either know or can trust. Email spoofing is possible because the email system used to represent email addresses provides no way for outbound servers to verify the legitimacy of the sender's address.

As internet standards groups look to boost trust and security through new requirements for shorter certificate lifecycles and online privacy acts introduce increasingly punitive regulatory mandates, the business risks of certificate management are only increasing. How the four pillars of certificate automation are shaping the next normal.

Security leaders are embracing zero trust identity security. 88 percent of respondents said adopting more of a zero trust approach is "Very important" or "Important."

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The changes, which were committed as "Fix Typo" in an attempt to slip through undetected as a typographical correction, involved provisions for execution of arbitrary PHP code.

The pandemic-driven shift to remote work has significantly changed how companies are investing in identity and access management capabilities and zero trust security, according to a survey from Ping Identity. "Business leaders have been faced with an urgent need to invest more in identity security capabilities to effectively secure employees and customers in a dispersed work environment," said Andre Durand, CEO of Ping Identity.

The data center market research from Technavio indicates neutral growth in the short term as the business impact of COVID-19 spreads. This will drive the demand for the upgrade of the existing data center network infrastructure and there will be an increase in new data centers being constructed closer to the data origins for reducing latency.

Siemens unveiled its next-generation Veloce hardware-assisted verification system for the rapid verification of highly sophisticated, next-generation integrated circuit designs. Veloce Strato+, a capacity upgrade to the Veloce Strato hardware emulator.

Solvo announced the general availability of its cloud security solution designed to solve cybersecurity challenges that both developers and security teams are experiencing today. The solution integrates with existing workflows rather than trying to change them, and addresses growing security challenges by creating and maintaining a least-privilege security policy for cloud native applications.

Elastic announced new updates across the Elastic Security solution in the 7.12 release to accelerate threat hunting and investigation workflows, prevent ransomware, and eliminate blind spots. Elastic Security streamlines security operation workflows and helps practitioners maximize data insights with analyst-driven correlation.