Security News > 2021 > May
As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but AI techniques can be used to predict these keys and gain access to data.
The research found that when exploit code disclosure precedes a patch, attackers gain a 98-day advantage over defenders - that is, attackers deploy the exploit against more assets than defenders can mitigate for more than three months. The release of exploit code also drives a massive volume of exploits.
Cloudflare research engineer Thibault Meunier assumed that the average internet user sees a CAPTCHA once ever ten days and multiplied that by world's 4.6 billion internet users and Cloudflare's 32-second CAPTCHA-completion estimate to assert that humanity collectively spends 500 years every day completing CAPTCHAs. Cloudflare will initially support three - YubiKeys, HyperFIDO keys; and Thetis FIDO U2F. "Completing this flow takes five seconds," Meunier asserts in a post on Cloudflare's blog.
Datadobi released a report by 451 Research which reveals the major impact that data growth is having on storage management, highlighting the rise in retention of unstructured data exacerbating the storage challenges faced by organizations. The report identifies data growth as the number one storage management challenge in most organizations, ahead of a range of issues such as disaster recovery requirements, cost, and migration.
AeCyberSolutions announces ICS Cybersecurity Risk Screening, a new service to assist industrial organizations in gaining a high-level understanding of the worst-case risk to operations should their industrial control systems be compromised. Utilizing a consequence-based, initial cybersecurity risk screening methodology, the results expose the potential magnitude of cyber risk to operations, assists with the prioritization of detailed risk assessments, facilitates the grouping of assets into zones and conduits, and helps management allocate budgets and resources appropriately.
As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole.
Auth0 announced the Auth0 identity operating system, a cloud-native, adaptable platform for development teams. Built with extensible building blocks, the Auth0 identity OS enables organizations to manage the complexities of today's identity management, while also prioritizing the security, privacy, and convenience of their end users.
One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention. XSS is a Russian-speaking hacking forum created to share knowledge about exploits, vulnerabilities, malware, and network penetration.
Moogsoft announced the launch of new product features and several updates, including extending integration capabilities to easily and openly connect disparate tools and data into a single source through the unique "Create Your Own Integration" and hybrid-cloud experiences; driving incident workflow automation to reduce toil using workflow auto close automation, tag aggregation and context, and automatic event enrichment; and making configuration and the lives of users even easier with secure credential store, data configuration overview and personalization. The new product features allow Moogsoft users to optimize productivity and focus time back on innovation.
SkyKick announced major upgrades to its Cloud Manager product that will further help ITSPs navigate the increasingly complex world of SMB cloud management. This Cloud Manager release brings significant automation capabilities to Cloud Command, Security, and Teams product areas to help ITSPs better manage and secure cloud customers.