Security News

Soracom launched Soracom Arc, a service that allows anyone developing IoT solutions to leverage Soracom's IoT platform using any internet connection, including cellular, Wi-Fi, Ethernet, and satellite. Arc provides anyone developing IoT solutions secure access to the Soracom suite of 17 network and application services, including cloud integration, private networking, data optimization, secure remote access, and on-demand packet capture.

Actian announced the general availability of its new Zen V15 embedded database for mobile and IoT. Actian Zen V15 addresses the demanding needs of today's on-premise, cloud, mobile, and IoT application developers by providing persistent local and distributed data across intelligent applications deployed in enterprise, branch, and remote field environments. "Actian Zen V15 edge data management delivers against a broad and demanding set of requirements including leveraging a variety of hardware architectures, operating environments, networks, communications interfaces, and languages to offer comprehensive support, performance, and the flexibility modern enterprises need to stay competitive."

StrongBox Data Solutions introduced StrongLink 3.2, delivering increased levels of automation and performance to radically simplify data management. "StrongLink's new metadata-driven tools provide our researchers with maximum efficiency for data access and management across a large heterogeneous storage environment," said Carsten Schmitt, storage administrator at Deutsches Klimarechenzentrum GmbH. "StrongLink provides researchers with global access to their data with workflows they are accustomed to but in an open-standards-based architecture that eliminates proprietary vendor lock-in. This is a key requirement for building the Exabyte Data Archive system and minimizes the time needed to find or manage data across multiple classes of storage. The SBDS solution is helping DKRZ create a better environment to advance the state of the art of climate research."

A critical cross-site scripting bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites.

To select a suitable third-party risk management solution for your business, you need to think about a variety of factors. Third-party risk managers should review the goods or services their business provides, how third parties support different functions of the business, what processes they're involved in and what data they touch.

IDnow announces its participation in the IDunion network, which aims to build an open ecosystem for decentralised identity management. IDnow has joined forces with other industry experts through IDunion to drive a shared vision of digital identities that is aligned with European values and regulations.

Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. The vendor has since rolled out fixes in recent releases for Sage X3 Version 9, Sage X3 HR & Payroll Version 9, Sage X3 Version 11, and Sage X3 Version 12 that were shipped in March.

Even with more businesses rolling out staff security awareness training programs to combat evolving cyber threats, over 90% of data breaches still stem from human error. Training courses are wrongly seen as a silver bullet - Regular training is vital for helping employees strengthen their security behaviour, but computer-based courses are just one tool for tackling human cyber risk.

Bitglass announced it has achieved ISO/IEC 27001:2013 certification for its information security management system supporting the Bitglass CASB system. ISO/IEC 27001 is an information security management system standard published by the International Organization for Standardization and the International Electrotechnical Commission.

David Smith and Bernard Wilson, the US Secret Service agents quoted in the report appendix also pointed to lack of identity management as an ingredient for data breaches in more companies: "Organizations that neglected to implement multi-factor authentication, along with virtual private networks, represented a significant percentage of victims targeted during the pandemic. The zero-trust model for access quickly became a fundamental security requirement rather than a future ideal." Zero trust starts with who you are authenticating and what they should have access to - otherwise called identity trust.