Security News

Most antivirus software performs a "Real time scan" of unknown files saved to disk and, if considered suspicious, these files are either moved to a secure location to be quarantined, or deleted from the system. The issue, the researchers say, resides in the fact that there's a small time window between the file scan and the cleanup operation, and that almost all antivirus software performs operations with the highest level of authority within the operating system.

89% of IT professionals believe their company could be doing more to defend against cyberattacks, with 64% admitting they are not sure what AI/ML means - despite increased adoption at a global scale, Webroot reveals. With the UK currently in lockdown to tackle the spread of coronavirus, thousands more people are staying at home to work.

A small study found that security professionals are open to new solutions even as they rely on traditional vendors to protect their networks. Limited budgets may be blocking more experimentation with new security tactics; 45% of respondents listed small budgets as the top network admin challenge today.

Red Hat announced the general availability of Red Hat Enterprise Linux 8.2, the foundation for Red Hat's hybrid cloud portfolio. Red Hat Enterprise Linux can help intelligently detect, diagnose and address potential issues before they impact production, driven by advancements in Red Hat Insights.

CTERA, the edge-to-cloud file services leader, announced DevOps tools that allow enterprises to automate file services delivery on a global scale. The CTERA Software Development Kit for Python and the CTERA Ansible Collection enable engineers to rapidly provision hybrid cloud storage services across distributed topologies with thousands of edge locations, applications and users in just a few lines of code.

A never-before-seen remote access trojan has been discovered in a set of campaigns targeting the energy sector, with a slew of post-exploitation tools to log keystrokes, record footage from webcams and steal browser credentials. Researchers called the malware "PoetRAT" due to various references to sonnets by English playwright William Shakespeare throughout the macros, which was embedded in malicious Word documents that were part of the campaign.

The Shared Assessments Program issued "CCPA Privacy Guidelines & Checklists," the security and risk industry's first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act. "As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress."

Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. Tens of companies have announced over the past weeks that they are offering free tools and services to organizations impacted by the pandemic.

While many companies are beginning to migrate security tools to the cloud, a significant number have concerns, a survey by Exabeam reveals. Typically, organizations migrate security tools to the cloud to minimize the resources and overhead associated with owning and maintaining on-premises equipment and software.

The cybersecurity firm told SecurityWeek that its Mandiant Intelligence team tracks nearly 100 tools that can be used to exploit vulnerabilities in ICS or interact with industrial equipment in an effort to support intrusions or attacks. Of the ICS hacking tools tracked by FireEye - the company calls them ICS cyber operation tools - 28% are designed for discovering ICS devices on a network and 24% for software exploitation.