Security News
British infosec accreditation body CREST has appointed an ex-police officer to investigate the NCC Group exam cheat-sheet scandal as its chairman temporarily steps aside. The accreditation body has been rocked by revelations from The Register that major industry player NCC Group's training material was leaked in a Github repo alongside cheat sheets to help candidates pass accreditation exams first time.
Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack.
British infosec accreditation body CREST has suspended all of its accreditation exams after The Register revealed a published cache of files including what appeared to be internal exam sheets as well as docs apparently tied to key industry player NCC Group. We understand from sources that the security body has suspended all of its CREST Certified Infrastructure Tester and CREST Certified Web Application Tester exams for up to a month while their contents are reviewed.
Ericom Application Isolator separates corporate apps from unauthorized users to prevent ransomware. Ericom Software announced the introduction of Ericom Application Isolator, a new solution that integrates with existing remote access VPNs and Next Generation Firewalls to secure corporate applications and data from the security risks associated with excessive access rights inside a network.
Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."
Fortinet unveiled the FortiGate 4400F, a firewall capable of securing 5G networks. The FortiGate 4400F is a hyperscale firewall, setting new milestones for Security Compute Ratings to deliver performance, scalability and security in a single appliance.
Some 3D printers can be flashed with firmware updates downloaded directly from the internet - and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire. Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.
McAfee MVISION Cloud now maps threats to MITRE ATT&CK. With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming - especially as cloud-native threats become more abundant. Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud.
Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "Zero-day exploits"... which the Tor Project insists are nothing of the sort. Typically, users slide into the Tor network through a publicly listed entry relay, though they may choose to join via a bridge relay, or bridge for short, to avoid IP-based detection and censorship.
Nearly half of British university staff say they have received no cybersecurity training, according to a recent survey. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received "Any" training in infosec matters.