Here’s an overview of some of last week’s most interesting news and articles:
Security, incident response, and forensics processes and personnel use code signing to separate trusted code from untrusted code. Undermining a code signing implementation for a major OS would break a core security construct that many depend on for day-to-day security operations.
Patching is everyone’s responsibility whether they realize it or not. A successful patch program includes executive buy-in (not exceptions) and involves partnering with the business.
A vulnerability affecting GnuPG has left some widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools.
The June 2018 updates fix 50 vulnerabilities, 12 of which are critical.
Zero Trust Security assumes that untrusted actors already exist both inside and outside the network. Trust must therefore be entirely removed from the equation. In this podcast, Barry Scott, CTO, EMEA at Centrify, talks about how you can secure every user’s access to apps, endpoints and infrastructure through single sign-on, multi-factor authentication and privileged access security.
According to new rules recently published by Apple, iOS app developers must refrain from creating a database of the information gleaned from users’ Contacts and from selling it on.
Google is shutting down an often-used vector for delivering malicious Chrome extensions to users by removing the inline installation option.
In this podcast, Darron Gibbard, Chief Technical Security Officer EMEA at Qualys, discusses third-party risk and how it affects the GDPR compliance of your organization.
There is a simple reason for developers adopting the cloud and cloud-native application architectures. These “tools and methods” allow developers to accelerate innovation and feature delivery in the service of meeting business demands and keeping their enterprise competitive. While these tools and methods make noticeable improvements for DevOps teams, their new operational model creates security concerns and headaches for security practitioners.
Privacy and security online are among the top concerns of Americans, especially after numerous massive data breaches (Equifax, Yahoo, Uber) that happened in the past couple of years.
CNIL, the French data protection authority, has decided to impose a 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, because it failed to secure the data of customers that ordered products via its website.
The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a smartphone.
McAfee released a report detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as the industry builds out the foundations for the widespread implementation of blockchain technologies.
Dixons Carphone, the multinational electrical and telecommunications retailer that holds over 2,000 stores across the UK, Ireland and mainland Europe, has suffered a security breach.
Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.
Net neutrality rules were officially repealed in the US last Monday, as the Restoring Internet Freedom Order by the Federal Communications Commission went into effect.
VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions of the software (8.2 and 6.5.2, respectively). The iOS version is not affected.
Whether accidental or intentional, an employee’s online activities can make or break a company’s cybersecurity strategy.
A rundown of infosec products released last week.
Source: https://www.helpnetsecurity.com/2018/06/17/week-in-review-digital-signature-spoofing-securing-microservices/