Security News

Elastic announced the launch of Elastic Enterprise Search on Elastic Cloud. Elastic Enterprise Search is a suite of search products that dramatically simplifies the process of creating enterprise-grade search experiences for both customer- and employee-facing search applications.

The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency's techniques. The October 2017 report by the CIA's WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure.

A specialized CIA unit that developed hacking tools and cyber weapons didn't do enough to protect its own operations and wasn't prepared to respond when its secrets were exposed, according to an internal report prepared after the worst data loss in the intelligence agency's history. Sen. Ron Wyden, D-Ore., a senior member of the Senate Intelligence Committee, obtained the redacted report from the Justice Department after it was introduced as evidence in a court case this year involving stolen CIA hacking tools.

An overwhelming majority of organizations prioritize software quality over speed, yet still experience customer-impacting issues regularly, according to OverOps. The report, based on a survey of over 600 software development and delivery professionals, revealed that the current level of DevOps investment is not sufficient for ensuring software reliability.

IAR Systems, the future-proof supplier of software tools and services for embedded development, announces that its extensive product portfolio of embedded development tools is now extended with build tools supporting implementation in Linux-based frameworks for automated application build and test processes. This flexibility is now extended to the build environment as the well-known build tools in IAR Embedded Workbench now support Linux.

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan to attack governmental targets. According to ESET researchers, ComRAT is one of Turla's oldest weapons, released in 2007 - but the firm found that Turla used an updated version in attacks against at least three targets earlier this year: Two Ministries of Foreign Affairs and a national parliament.

In December 2018, the Australian government passed the Telecommunications Access and Assistance Act, which allows the Australian government to compel cooperation and surveillance assistance from companies. Local use of the Wickr Pro/business platform increased by 200%. In Russia, in May 2019 when the sovereign internet law was signed, tightening Moscow's grip on internet communications, use of Wickr again increased by 200%. It seems likely from these figures that the primary motivation for adopting secure collaboration platforms is concern over government interference in privacy.

GhostDNS is used to compromise a wide range of routers to facilitate phishing - perhaps more accurately, pharming - for banking credentials. Malvertising allows the EK to directly attack the router from a computer that uses the router.

Swimlane, an industry leader in security orchestration, automation and response announced the launch of the Swimlane Analyst Hub as a way to aggregate its open-source and developer tools and content for security analysts. Swimlane's Deep Dive team will continue to enhance and add additional open-source tools on the Analyst Hub.

The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The tools included in the documentation allow Hidden Cobra to perform nefarious tasks such as remotely take over systems and steal information as well as install spyware on targeted systems to perform espionage activities.