Security News > 2021
"People had to gather on the street and share the information," the car rental salesman told AFP. Myanmar did not have easily available internet until about 2013, when a state monopoly on telecommunications ended and international companies began offering affordable SIM cards. In terms of getting online, Myanmar netizens have managed to skirt the social media blocks by using virtual private networks.
Palo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "key bet" at a time when the world has never been more reliant on off-premises computing. The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.
The OpenSSL Project on Tuesday announced the availability of patches for three vulnerabilities, including two that can be exploited for denial-of-service attacks and one related to incorrect SSLv2 rollback protection. The flaw was reported to OpenSSL developers by Google Project Zero researcher Tavis Ormandy and it has been patched with the release of OpenSSL 1.1.1j. Versions 1.1.1i and earlier are impacted.
"In my experience, this is due to the 'I'm from Security and I'm here to save you' mentality that continues to pervade the security industry, and the only way to overcome this is with a big bucket of humility," he noted. "Security has not actually spent the last 20 years doing a good job of 'security things' and we do not have a strong position to say that we have all of the answers. I know that it sounds relatively simplistic, but it really is a case of taking the path of the beginner's mind and working with developers, operators, and DevOps staff to learn their perspective and then apply domain-specific security knowledge."
While it sounds impossible, the same technological approach that helped index the entire Web can come in handy: a knowledge graph - similar to what powers Google Search - is an ideal technology foundation to make a generational leap in threat detection and response. To address these challenges, organizations are starting to use knowledge graphs and other advances including ML-led threat analysis, incorporation of threat hunting expertise, and better data management.
NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity - an all-time high. CVEs in 2020: more security vulnerabilities were disclosed in 2020 than in any other year to date - at an average rate of 50 CVEs per day.
A severe security vulnerability in a popular video calling software development kit could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with the "Temi" personal robot.
Security analysts are becoming less productive due to widespread "alert fatigue" resulting in ignored alerts, increased stress, and fear of missing incidents, according to an IDC survey of 350 internal and MSSP security analysts and managers. "To solve these challenges, analysts are asking for advanced automation tools, like Extended Detection and Response, which can help reduce the fear of missing incidents while strengthening their SOC's cybersecurity posture."
A report by ENISA and JRC sheds light on the cybersecurity risks linked to the uptake of AI in autonomous vehicles, and provides recommendations to mitigate them. "It is important that European regulations ensure that the benefits of autonomous driving will not be counterbalanced by safety risks. To support decision-making at EU level, our report aims to increase the understanding of the AI techniques used for autonomous driving as well as the cybersecurity risks connected to them, so that measures can be taken to ensure AI security in autonomous driving," said JRC Director-General Stephen Quest.
A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020, showing that malware increased by 358% overall and ransomware increased by 435% as compared with 2019. Report highlights: distribution of Emotet malware skyrocketed in 2020 by 4,000%.