Security News
The success of contact tracing apps will then depend on the overall active uptake by users, and whether the big data analysts have got their figures right. "Numerous vulnerabilities have been discovered like BlueFrag, which affected IOS and Android." He also warns, "Contact tracing apps need to be regularly tested for vulnerabilities and critical updates must be deployed immediately. These apps must also be prohibited from activating smart assistants. People must limit the location settings to run only when approved and when in use."
Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Attackers usually manage to deploy web shells by exploiting web application vulnerabilities, weak server security configuration, or by uploading to otherwise compromised systems.
Most antivirus software performs a "Real time scan" of unknown files saved to disk and, if considered suspicious, these files are either moved to a secure location to be quarantined, or deleted from the system. The issue, the researchers say, resides in the fact that there's a small time window between the file scan and the cleanup operation, and that almost all antivirus software performs operations with the highest level of authority within the operating system.
89% of IT professionals believe their company could be doing more to defend against cyberattacks, with 64% admitting they are not sure what AI/ML means - despite increased adoption at a global scale, Webroot reveals. With the UK currently in lockdown to tackle the spread of coronavirus, thousands more people are staying at home to work.
A small study found that security professionals are open to new solutions even as they rely on traditional vendors to protect their networks. Limited budgets may be blocking more experimentation with new security tactics; 45% of respondents listed small budgets as the top network admin challenge today.
Red Hat announced the general availability of Red Hat Enterprise Linux 8.2, the foundation for Red Hat's hybrid cloud portfolio. Red Hat Enterprise Linux can help intelligently detect, diagnose and address potential issues before they impact production, driven by advancements in Red Hat Insights.
CTERA, the edge-to-cloud file services leader, announced DevOps tools that allow enterprises to automate file services delivery on a global scale. The CTERA Software Development Kit for Python and the CTERA Ansible Collection enable engineers to rapidly provision hybrid cloud storage services across distributed topologies with thousands of edge locations, applications and users in just a few lines of code.
A never-before-seen remote access trojan has been discovered in a set of campaigns targeting the energy sector, with a slew of post-exploitation tools to log keystrokes, record footage from webcams and steal browser credentials. Researchers called the malware "PoetRAT" due to various references to sonnets by English playwright William Shakespeare throughout the macros, which was embedded in malicious Word documents that were part of the campaign.
The Shared Assessments Program issued "CCPA Privacy Guidelines & Checklists," the security and risk industry's first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act. "As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress."
Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. Tens of companies have announced over the past weeks that they are offering free tools and services to organizations impacted by the pandemic.