Security News
Deepwatch Lens Score: SecOps maturity planning and benchmarking. Splunk helps security teams modernize and unify their security operations in the cloud.
Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU's cybersecurity agency - though the risk of an "uncontrolled cyber arms race" among nation states is growing. The EU Agency for Cybersecurity said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.
Cyborg Security launches HUNTR platform to help orgs tackle cyber threats. Cyborg Security's HUNTR platform provides advanced and contextualized threat hunting and detection packages containing behaviorally based threat hunting content, threat emulation, and detailed runbooks, supplying organizations what they need to evolve their security analysts into skilled hunters.
Hackney Council in East London has declared that it was hit by a "cyberattack" - but both the authority and officials from the National Cyber Security Centre remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems."
Checkmarx announced a new GitHub Action to bring comprehensive, automated static and open source security testing to developers. APIsec provides a 100% automated and continuous API security testing platform that eliminates the need for expensive, infrequent, manual pen-testing.
A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it. Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.
Fleek launches Space, an open source, private file storage and collaboration platform. Space's mission is to enable a fully private, peer to peer file and work collaboration experience for users.
The deputy chief executive of Singapore's Cyber Security Agency, Brigadier General Gaurav Keerthi, says the island nation now considers providing a secure environment to citizens and businesses the equivalent of providing fresh water and sewerage services, and will next week improve digital hygiene with a voluntary "Cybersecurity Labelling Scheme" that will rate consumer broadband gateways. Speaking at the Black Hat Asia conference in Singapore today, Keerthi explained that it's his job to defend Singapore from cyber-threats.
CISA orders federal agencies to implement Zerologon fix. If you had any doubts about the criticality of the Zerologon vulnerability affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency has issued an emergency directive instructing federal agencies to "immediately apply the Windows Server August 2020 security update to all domain controllers."
NIST guide to help orgs recover from ransomware, other data integrity attacks. The National Institute of Standards and Technology has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data.
Infosec boffins at the University of Kent have developed a "comprehensive playbook" for companies who, having suffered a computer security breach, want to know how to shrug off the public consequences and pretend everything's fine. In a new paper titled "A framework for effective corporate communication after cyber security incidents," Kent's Dr Jason Nurse, along with Richard Knight of the University of Warwick, devised a framework for companies figuring out how to publicly respond to data security breaches and similar incidents where servers are hacked and customer records end up in the hands of criminals.