Security News

DevOps company GitLab on Thursday announced the acquisition of software security testing firms Peach Tech and Fuzzit in an effort to expand its DevSecOps offering. Seattle-based Peach Tech has developed two major products: Peach Fuzzer, which helps developers find vulnerabilities in their code, and Peach API Security, which provides automated security testing for web APIs.

Researchers with Positive Technologies say that a legacy standard known as GPRS Tunneling Protocol is the culprit behind security issues that will leave many of the early 5G networks open to attacks such as spoofing, man-in-the-middle, and denial of service. Introduced during the earliest upgrades to 2G broadband networks and used through the current 4G standard, GTP allows for data packet transfer between various wireless networks and carriers.

Cybersecurity, remote IT troubleshooting and cloud support will be the most sought-after skills for businesses in the months following the COVID-19 pandemic, according to a survey of CIOs and tech executives. In a survey of IT leaders from companies including Deloitte, Citi, Microsoft and Salesforce, 98% said cybersecurity talent would be "Extremely important" to businesses over the next six to 18 months as they entered the next phase of recovery from global lockdowns.

92% of Americans say they care about online safety and data privacy, yet a new report from iProov showed 44% polled shared passwords and mobile devices with their partners. "You wouldn't have the same key to your house, your car, and every building you ever need to go into. But it's also not possible to remember different passwords for every single site you use. So, Americans are recycling and sharing passwords because they want a convenient way to access their accounts. Biometric authentication is the modern replacement for keys."

At least that's according [PDF] to a Trend Micro whitepaper on the cost of criminal services, which says over the past five years the prices for botnet rentals and credit card numbers have taken a nosedive. "In 2015, generic botnets started selling at around $200 in Russian underground forums. Generic botnet prices today cost around $5 a day, and prices for builders start at $100," Trend said.

At least that's according [PDF] to a Trend Micro whitepaper on the cost of criminal services, which says over the past five years the prices for botnet rentals and credit card numbers have taken a nosedive. "In 2015, generic botnets started selling at around $200 in Russian underground forums. Generic botnet prices today cost around $5 a day, and prices for builders start at $100," Trend said.

Online business marketing courses, +54%.Free SEO course, +52%,.Online marketing courses, +49%.Online business courses, +49%. SEE: COVID-19: A guide and checklist for restarting your business. The ever-changing tech world is a popular arena in which to explore courses, with education outlets that offer free online tech classes to advance IT skills.

Utah, North Dakota and South Dakota were the first U.S. states to launch voluntary phone apps that enable public health departments to track the location and connections of people who test positive for the coronavirus. Nearly a month after Utah launched its Healthy Together app to augment the state's contact-tracing efforts by tracking phone locations, state officials confirmed Monday that they haven't done any contact tracing out of the app yet.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.