Category Archives: NEWS & INDUSTRY

Chef Launches New Version for DevSecOps Automated Compliance

Chef Software has announced the latest version of its InSpec compliance automation platform for DevSecOps. InSpec provides an open source high-level language to share security and compliance rules between development, security, and operations engineers. Compliance can be with internal security policy, infrastructure provisioning, and external regulatory requirements.


Major Browsers to Kill TLS 1.0, 1.1

All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 traffic encryption protocols in the first half of 2020.

Apple, Google, Microsoft and Mozilla on Monday announced plans to kill the protocols in their browsers to provide users with better security.


SecurityWeek RSS Feed: New IBM Security Platform Connects Data, Tools From Several Vendors

IBM Security on Monday unveiled a new cloud-based platform that combines the company's own capabilities with data, applications and tools from more than a dozen other vendors.




SecurityWeek RSS Feed

SecurityWeek RSS Feed: Web Isolation Firm Garrison Technologies Raises $30 Million

London, UK-based Garrison Technologies has raised £22.9 million (approximately $30 million) in Series B funding, bringing the total raised to £34.9 million (around $50 million at current exchange rates). The funding was led by Dawn Capital, with participation from existing investors IP Group plc, BGF and NM Capital.


SecurityWeek RSS Feed: Tech Giants Concerned About Australia’s Encryption Laws

Cyber law changes proposed in Australia specifically state that companies will not be required to implement encryption backdoors, but tech giants are still concerned that the current form of the legislation is too vague and leaves a lot of room for interpretation.


SecurityWeek RSS Feed: Facebook Purges 251 Accounts to Thwart Deception

Facebook on Thursday said it shut down 251 accounts for breaking rules against spam and coordinated deceit, some of it by ad farms pretending to be forums for political debate.

The move came as the leading social network strives to prevent the platform from being used to sow division and spread misinformation ahead of US elections in November.


SecurityWeek RSS Feed: First GDPR Enforcement is Followed by First GDPR Appeal

In what has been billed as the world's first GDPR action, the UK regulator -- the Information Commissioner's Office (ICO) -- quietly issued an enforcement notice against Canadian firm AggregateIQ Data Services Ltd (AIQ). It is a low-key affair. Although the enforcement notice was issued on 6 July 2018, the notice was not and has not been placed on the ICO's enforcement action page.


KnowBe4 Brings Artificial Intelligence to Security Awareness Training

It seems that you cannot have a new security product without a machine learning component. It makes sense. Machine learning recognizes patterns and returns probabilities. Risk, and cyber security is all about risk, is also about patterns and probabilities. Binary security is beginning to look a bit old.


Google Says Social Network Bug Exposed Private Data

Google announced Monday it is shutting down the consumer version of its online social network after fixing a bug exposing private data in as many as 500,000 accounts.

The US internet giant said it will "sunset" the Google+ social network for consumers, which failed to gain meaningful traction after being launched in 2011 as a challenge to Facebook.


SecurityWeek RSS Feed: UK, US Security Agencies Deny Investigating Chinese Spy Chips

The U.S. Department of Homeland Security (DHS) and the U.K. National Cyber Security Centre (NCSC) have denied investigating the presence of Chinese spy chips in Supermicro servers, as claimed by a bombshell report published last week by Bloomberg.


SecurityWeek RSS Feed: The DNC Hacker Indictment: A Lesson in Failed Misattribution

Reading legal documents is not something I usually enjoy. The Mueller indictment of the Russian DNC hackers was different - the amount of detail revealed in the document stunned me, and suggests that the US had very deep visibility into the hackers’ operations. In this article I am not going to look at the details of the hacking or phishing attacks used.


UK, Australia Blame Russia for Bad Rabbit, Other Attacks

The United Kingdom and Australia have officially blamed Russia for several high profile attacks, including the Bad Rabbit ransomware campaign.

A statement published by the U.K. government on Wednesday reveals that the country’s National Cyber Security Centre (NCSC) has linked several cyber threat actors to Russia’s GRU military intelligence service.


Facebook Says No Apps Were Accessed by Hackers

Facebook has shared another update on the hacker attack disclosed last week. The social media giant says there is no evidence that the attackers accessed any third-party apps.

Facebook revealed on September 28 that it had reset the access tokens for 90 million accounts, including 50 million that were directly impacted and 40 million deemed at risk.


SecurityWeek RSS Feed: Passcode Bypass Method Exposes Photos, Contacts on iPhone XS

An iPhone enthusiast has disclosed yet another method for bypassing the iPhone lockscreen. The latest technique has been confirmed to work on the new iPhone XS running the latest version of Apple’s mobile operating system, iOS 12.


SecurityWeek RSS Feed: Man Sentenced to Prison for ATM Jackpotting

A 22-year-old man from Springfield, Massachusetts, has been sentenced to prison for his role in an ATM jackpotting scheme.

Argenys Rodriguez will spend 12 months and one day in prison, followed by two years of supervised release. He has also been ordered to pay over $121,000 in restitution.


Chronicle Unveils VirusTotal Enterprise

Chronicle on Thursday announced VirusTotal Enterprise, a new platform that combines existing VirusTotal capabilities with expanded functionality and new features to help organizations protect their networks.

Chronicle is a subsidiary of Google's parent company, Alphabet Inc. VirusTotal became part of Chronicle in January 2018.


Researchers Find ‘Authentication Weakness’ in Apple’s Device Enrollment Program

Researchers from Duo Security have discovered a vulnerability (Duo calls it an 'authentication weakness') in Apple's Device Enrollment Program (DEP). The flaw was reported to Apple in May 2018. It is not considered to be a major flaw, but could potentially have serious consequences. SecurityWeek has asked Apple if it has or plans to patch or fix the issue.


Senate Committee Approves Several Cybersecurity Bills

The U.S. Senate Committee on Homeland Security and Governmental Affairs on Wednesday voted to approve several cybersecurity bills, including ones related to incident response, supply chain security, the government’s cyber workforce, and safeguarding federal information systems.


Accounting Firm Moss Adams Acquires Cybersecurity Firm AsTech

Moss Adams (an accounting firm founded 105 years ago) has merged in AsTech Consulting (a cyber risk management firm founded 11 years ago). Moss Adams is the thirteenth largest tax company in the U.S., and the leading firm on the West Coast. AsTech is a successful West Coast tech firm that counts the nation's third largest bank among its clients.


SecurityWeek RSS Feed: Rapid7 Adds Automation, Orchestration Capabilities to Insight Platform

Rapid7 announced on Thursday that its Insight Platform now features automation and orchestration capabilities through a new tool called InsightConnect.


SecurityWeek RSS Feed: Click2Gov Attacks on U.S. Cities Attributed to Previously Unknown Group

A previously unknown financially motivated threat group is believed to be behind a series of attacks whose goal was to obtain payment card data from U.S. cities relying on Click2Gov software for utility bill payments.
