Security News

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire...

In early March, a Boston-based vote-counting firm called Clear Ballot Group sent a bid to Arizona's state Senate to audit the 2020 presidential election results in Maricopa County. Instead, the state Senate hired a small Florida-based cybersecurity firm known as Cyber Ninjas that had not placed a formal bid for the contract and had no experience with election audits.

How far the company, Colonial Pipeline, went to address the vulnerabilities isn't clear. Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

Adlumin announced that its platform will now integrate directly with Google Workspace, giving customers the ability to ingest crucial audit logs from their Google Workspace domains. Google Workspace is a suite of secure, cloud-native collaboration and productivity apps powered by Google AI and has become a viable competitor to Office365.

With the announcement today, Sysdig launched the first runtime security detection and response solution for AWS Fargate that provides detailed audit logs to respond to incidents. Sysdig's runtime detection for AWS Fargate is based on open source Falco, the runtime security tool created by Sysdig and contributed to the Cloud Native Computing Foundation.

85% of companies completed their audits as planned or with an extension, and 60% had no change to audit timing. Organizations conduct multiple audits as disjointed, redundant projects.

Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. One such tool is a pre-built container, called Docker Bench for Security-it does a great job of auditing your container host and the currently running deployments.

The open-source SecureDrop Workstation has undergone a security makeover after a third-party security audit flagged multiple problems, including a high-risk bug that could allow an attacker to plant files on target machines. The SecureDrop Workstation audit, conducted by Trail of Bits and financed by the New York Times, warned that the high-risk directory traversal bug could be leveraged for code execution attacks.

Internal audit's ongoing digital transformation will rapidly accelerate in 2021, with 22% of respondents reporting that they will implement cloud-based technology this year, resulting in a majority of internal audit teams using a cloud-based audit management or GRC software solution for the first time, an AuditBoard survey reveals. "Many internal audit teams that have not yet shifted to a cloud approach are now set to reap the benefits of modernization - including gaining greater bandwidth for strategic, value-add activities - and will be better positioned to protect their organizations from new and emerging risks," said John Reese, AuditBoard's CMO. "They'll also get to equal footing with other functions within their organization who have already made the move to cloud-based solutions."

A study of 299 internal audit organizations showed that the function faced both declining budgets and a significantly expanded workload in 2020, according to Gartner. "For many heads of audit, it's not clear where the extra capacity is going to come from," said Margaret Moore Porter, managing vice president in the Gartner Audit practice.