Security News > 2021

We went from tools such as autossh, to configuration management, and ended up with Infrastructure as Code concepts. Improving the insight into the state of infrastructure security for developers, system administrators and security teams is an objective that Accurics tries to reach with their software offering.

"Breaches of personal information strike at the heart of the relationship between enterprises and their customers. Encryption is at the foundation of data protection, and when organizations don't prioritize protecting customer personal information, they raise enterprise risk of lost business and reputation," said John Grimm, vice president of strategy at Entrust. Protection of customer information, protection against specific, identified threats, and protection of intellectual property all rank higher than compliance, which now sits at 45%. The complexity of managing encryption and keys in 2021.

With increasing dependence on third parties in today's interconnected world, vendor security risk assessments are more essential than ever. Failing to do them may result in hefty regulatory fines, legal fees, lost business and reputational damage.

For most organizations today, endpoint protection is the primary security concern. The eBook, titled Why Autonomous XDR is Going to Replace NGAV/EDR, starts with a look at how NGAV and EDR tools can defend an organization with the "Assume breach" mentality - expecting a breach to occur and protecting endpoints from extended breach incidents.

As organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered, according to an Invicti Security report. Medium-severity vulnerabilities such as denial-of-service, host header injection, and directory listing, remained present in 63% of web apps in 2020, holding flat from 2019.

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "Convincing personas" to buy space on legitimate websites for running the malicious ads, Tag Barnakle is "Able to bypass this initial hurdle completely by going straight for the jugular - mass compromise of ad serving infrastructure," said Confiant security researcher Eliya Stein in a Monday write-up.

A research Qualtrics reveals what employees and customers want their experiences to look like in the future of work. This study, which examined the experiences and feelings of more than 4,000 workers around the world, illustrates that work preferences are continually shifting and the future of work will look different for everyone.

The number of users of software-based facial recognition to secure payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020, a Juniper Research study reveals. This rapid growth of 120% demonstrates how widespread facial recognition has become; fuelled by its low barriers to entry, a front-facing camera and appropriate software.

HID Global announced the general availability WorkforceID Authentication, the latest addition to its cloud platform for creating a seamless, effortless experience for issuing, managing and using identity credentials in physical and digital workplaces. "A person's identity has become the new security perimeter in a hybrid workplace that now extends from home to the office and everywhere in between," said Julian Lovelock, VP Global Business Segment, IAM, with HID Global.

Civil liberties groups are asking the Supreme Court to give the public access to opinions of the secretive court that reviews bulk email collection, warrantless internet searches and other government surveillance programs. The groups say in an appeal filed with the high court Monday that the public has a constitutional right to see significant opinions of the Foreign Intelligence Surveillance Court.