What’s been happening recently in our areas of interest:
- Open Text Fortify Audit Assistant v2
Open Text released version 2 of Fortify Audit Assistant, a static application security testing (SAST) tool. Leverages data collected over ten years of static analysis for training predictive models to identify vulnerabilities and minimize false positives, includes language-specific models for deep analysis, splits the SaaS and on-premises models to increase data privacy for on-premises deployments, and considers exploitability of potential vulnerabilities in rankings. PRNewswire - Resecurity on election interference
Resecurity published a threat intelligence report on election interference, noting “a growing trend of malicious cyber-activity targeting sovereign elections globally.” With 2024 being a critical year for elections around the world (49% of the global population are due to vote during the year), election interference or influence is of significant concern. Various reports, including Resecurity’s one, have seen a doubling of activity targeting sovereign elections. Resecurity says – ” … threat actors aim to sow uncertainty about the integrity of elections via operations that aim to disrupt and manipulate public opinion globally. Unfortunately, these incidents remain complicated from an investigation perspective and are often imperceptible to the public. Amidst historic geopolitical volatility and uncertainty, marked by escalating conflicts throughout the Middle East and Eastern Europe, securing elections from hostile cyber-threats has become vital to the preservation of the global democratic order.” Resecurity - Anti-fraud features on Android devices
In Singapore, Google is piloting an anti-fraud feature on Android devices that blocks apps that demonstrate malicious behavior. Specifically, apps that request a certain list of permissions that are known to be exploited by phishing attacks. “This enhancement will inspect the permissions the app declared in real-time and specifically look for four runtime permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content. Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources.” Google Security Blog - Proofpoint lays off 6% of workforce
Proofpoint, an email security vendor, trimmed 280 positions with the intent to move about half of the job roles to Argentina and Ireland by mid-2024. Driver was to cut management layers. Expectation is to end 2024 with the same number of employees as at the start of 2024. Bank Info Security
Leave a Reply