Security News

Infosec pros struggle to find opportunities to improve their work skills
2020-09-23 04:30

68 percent of respondents report investing their own free time, outside working hours, to improve their cyber skills. 46 percent of organizations do not confirm new hire skills for specific roles and 40 percent rarely or never assess the skills of newly onboarded team members.

Qualys Multi-Vector EDR: Providing infosec teams with actionable visibility into their endpoints
2020-09-23 02:30

Qualys announced the immediate availability of Qualys Multi-Vector EDR. Taking a new multi-vector approach to Endpoint Detection and Response, Qualys now brings the unified power of its highly scalable cloud platform to EDR. "Qualys Multi-Vector EDR provides our Infosec team with actionable visibility into our endpoints in terms of detecting malicious hashes provided by intelligent agencies as well as detecting potential malicious attacks through authorized processes, to keep our company assets secure." "Unfortunately, not all organizations have such a focus. Nevertheless, weaving in threat intelligence enables Qualys to combine in-house context and vulnerability management-driven prioritization with external context, representing an opportunity to achieve something greater than the majority of the market to date," said Mark Child, research manager, European Security, IDC. "We are proud to deliver Multi-Vector EDR to customers and extend into the detection and response market," said Philippe Courtot, chairman and CEO of Qualys.

Voatz Under Fire From Infosec Community Over Its Views on Security Research
2020-09-16 04:08

In the amicus brief it filed, Voatz suggests that only authorized security research should be considered lawful, but not independent security research, even if in good faith. "It is clear security research has tangibly improved the safety and security of systems we depend upon. It is not a given that this vital security work will continue. A broad interpretation of the CFAA would magnify existing chilling effects, even when there exists a societal obligation to perform such research," the letter reads.

Infosec big names rally against US voting app maker's bid to outlaw unsanctioned bug hunting via T&Cs
2020-09-15 01:08

About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug hunters can look for code flaws. Earlier this month, Massachusetts-based Voatz filed an amicus brief in Van Buren v. United States, a case being heard by the US Supreme Court that will determine the scope of the US Computer Fraud and Abuse Act, a cybersecurity law long criticized for its ambiguity.

CREST exam cheat-sheet scandal: New temp chairman at UK infosec body as lawyers and ex-copper get involved
2020-08-21 15:10

British infosec accreditation body CREST has appointed an ex-police officer to investigate the NCC Group exam cheat-sheet scandal as its chairman temporarily steps aside. The accreditation body has been rocked by revelations from The Register that major industry player NCC Group's training material was leaked in a GitHub repo alongside cheat sheets to help candidates pass accreditation exams first time.

New infosec products of the week: August 21, 2020
2020-08-21 04:00

Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack.

CREST cancels two UK infosec accreditation exams after fresh round of 'cheat sheets' are leaked online
2020-08-17 17:10

British infosec accreditation body CREST has suspended all of its accreditation exams after The Register revealed a published cache of files including what appeared to be internal exam sheets as well as docs apparently tied to key industry player NCC Group. We understand from sources that the security body has suspended all of its CREST Certified Infrastructure Tester and CREST Certified Web Application Tester exams for up to a month while their contents are reviewed.

New infosec products of the week: August 14, 2020
2020-08-14 04:30

Ericom Application Isolator separates corporate apps from unauthorized users to prevent ransomware. Ericom Software announced the introduction of Ericom Application Isolator, a new solution that integrates with existing remote access VPNs and Next Generation Firewalls to secure corporate applications and data from the security risks associated with excessive access rights inside a network.

Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished
2020-08-12 14:13

Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."