Cybersecurity News & Analysis | SC Media | Info Security News Security News

Security News

SC Podcast: On the web, who’s a bot and who’s a person

The saying goes: “On the internet, nobody knows you’re a dog.” But the more apt expression in this day and age might be “nobody knows you’re a bot.” Bots are becoming increasingly human-like, which presents a significant challenge to security professionals, website owners and social media network operators seeking to distinguish malicious and inauthentic bot…

RSA 2020: Equifax CISO touts company’s transparency it as seeks breach redemption

Fresh off a financial settlement over its 2017 data breach that affected roughly half the U.S. population, Equifax is forging ahead with a $1 billion-plus investment in a new security plan — and CISO Jamil Farshchi was eager to tout the credit reporting agency’s progress so far in a session this week at the RSA…

The winners of the 2020 SC Awards Honored in the U.S.

Trust AwardBest Authentication TechnologyForgeRockForgeRock Identity Platform All journeys have a beginning, middle and an end, and it’s the job of the ForgeRock Identity Platform to ensure that every authentication journey, from start to finish, remains safe for the client and easy for the user. The platform’s Intelligent Authentication feature delivers the unique ability to visually map user authentication journeys with a drag-and-drop interface…

Iran maintaining on-going cyber efforts, no response yet to Soleimani killing

Iranian cyberespionage operations are continuing at a steady pace, but so far no reaction has been spotted in response to the January U.S. drone strike that killed Iranian Gen. Qasem Soleimani. Almost two months has passed since the Jan. 2, 2020 attack, Secureworks is only noting the continuation of previously implemented espionage operations from Iran/…

ConeyIslandHospital

Munson Healthcare data breach exposes PHI

The northern-Michigan based Munson Healthcare group reported several employee email accounts were hacked and being accessed for two and a half months last year exposing PHI. The breach was discovered on January 16, 2020 and the investigation into the incident revealed the email accounts in question were being accessed by an outside source between July…

Clearview AI client list breached

The facial recognition company Clearview AI is informing customers that a hacker stole its entire client list. Clearview AI gained unwanted notoriety earlier this year when it was disclosed that the company was obtaining billions of photos by scraping the internet for use by law enforcement agencies. Now the company has sent a notification to…

patch flaw vulnerability

ZyXEL NAS devices receive critical firmware patch

The Software Engineering Institute CERT Coordination Center advised that several ZyXEL network-attached storage devices contain a pre-authentication command injection vulnerability. CVE-2020-9054, if exploited, could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. The problem is it uses the weblogin.cgi CGI executable for authentication and that program fails to properly sanitize…

Next post in Vulnerabilities