Security News > 2021 > May

While chatting over drinks one day, I asked him: "Why are you one of the most successful and influential cyber investigators I know? What is it about you that separates you from other investigators?". In his explanation, he highlighted how frequently he receives threat reports and investigations from more junior investigators that explain in technical detail how a given function or process was exploited by an attacker to achieve their goals.

A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system - desktops, laptops, cloud servers, and smartphones - once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.

Throughout 2020, RevCult went through this same security risk assessment process with a host of clients. Despite the fact that these clients represented a diverse array of industries, there was significant overlap in the security and governance challenges they experienced related to their use of Salesforce.

Despite widely recognized security risks, passwords remain the de facto standard for user access and authentication for online applications, with the average person having 100 passwords. Survey results indicate many consumers find password creation cumbersome, and widespread poor password hygiene could put consumers and the brands they engage with at risk.

Army researchers developed a deepfake detection method that will allow for the creation of state-of-the-art soldier technology to support mission-essential tasks such as adversarial threat detection and recognition. Researchers at the U.S. Army Combat Capabilities Development Command, known as DEVCOM, Army Research Laboratory, in collaboration with Professor C.-C. Jay Kuo's research group at the University of Southern California, set out to tackle the significant threat that deepfake poses to our society and national security.

94.7% of IT leaders saw an impact to their work-from-home data protection as a result of COVID-19, according to IDC. The survey also unearthed that 90.8% of respondents point to modernizing data protection, including backup and disaster recovery, as a top IT priority that is crucial to their organizations' overall digital transformation. The survey found many organizations are serious about data protection modernization as 80% of new applications will be deployed in the cloud or at the edge, where most cloud applications will either be SaaS or cloud-native containerised applications, thus potentially creating a data management gap.

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a "Safety section in Google Play" that it says "Will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."

Combining data collected by the SentinelOne platform and Arete's frontline intelligence gained from thousands of incident response engagements, the new offering enables significantly broader protection for organizations of all types and sizes. Application of Arsinal threat hunting and auto-defense schema directly into SentinelOne client consoles, continuously hardening defenses against the latest malware and threat variants identified and remediated by Arete Experts.

Veriff launched a private beta programme for the Verification Tool, a version of its identity verification software tailored for external use. As the global identity verification market is booming, businesses are investing in the enhancement of their identity verification practices as advanced fraud prevention solutions become an operational requirement.

Juniper Networks announced that the company is continuing its investment in the Secure Access Service Edge market with the introduction of Juniper Security Director Cloud, a cloud-based portal that distributes connectivity and security services to sites, users and applications, as well as manages customers' SASE transformations. Juniper Security Director Cloud bridges organizations' current security deployments with their future SASE rollouts by providing security that is managed anywhere and everywhere, on-premises and in the cloud, from the cloud.