Wednesday, February 13, 2019

Senators ask DHS to assess the potential VPN data threat from China, Russia

Security Digest
Information security news and advice from TechTarget's network | February 13, 2019
TechTarget
FEATURED STORY
Senators want potential VPN threat investigated by DHS
by Michael Heller, Senior Reporter
Two senators called on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries. (SearchSecurity.com)
NEWS
 
Gartner: Expanding SOC capabilities a priority for enterprises
Reinvesting in SOCs and crafting clear risk appetite statements made the list of Gartner's top security and risk management trends. Experts sound off on what's driving these trends. (SearchSecurity.com)
 
Apple releases FaceTime patch and iOS zero-day fixes
New bug fix releases for both iOS and macOS include the anticipated FaceTime patch for the serious eavesdropping flaw in group chats as well as fixes for two iOS zero-days. (SearchSecurity.com)
 
Defense Department eyes behavioral biometrics with new contract
The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system. (SearchSecurity.com)
 
Google's Mark Risher: New types of 2FA are 'game changers'
Google's head of account security, Mark Risher, discusses the various types of 2FA and how new options of WebAuthn and U2F are going to be game changers for enterprise. (SearchSecurity.com)
 
MongoDB security head addresses database exposures
Davi Ottenheimer, MongoDB's head of product security, discusses his company's efforts to prevent accidental database exposures and why so many misconfigurations occur. (SearchSecurity.com)
 
'SpeakUp' backdoor Trojan could spell further trouble for Linux servers
Check Point Research explains why SpeakUp, the new Trojan targeting Linux servers, has the potential to unleash more harm and offers pointers on how to defend against such malware. (SearchSecurity.com)
EXPERT ADVICE
 
How to create a more effective application security program
To mitigate software-related security risks, fine-tune your application security program to get the right people involved, document your standards and manage your weak points. (SearchSecurity.com)
 
More Ghostscript vulnerabilities, more PostScript problems
Researchers keep finding PostScript interpreter bugs. Find out how a new Ghostscript vulnerability enables remote code execution against web services and Linux desktop users. (SearchSecurity.com)
 
Is there a viable breach notification tool?
A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked. (SearchSecurity.com)
 
Vet third-party apps to reduce supply chain threats
Enterprises are more vulnerable than ever before to supply chain threats from third-party apps and modules. Last fall's compromised NPM package is one cautionary tale. (SearchSecurity.com)
 
Should large enterprises add dark web monitoring to their security policies?
Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. (SearchSecurity.com)
 
The security implications of serverless cloud computing
Cloudflare Workers is new for serverless cloud computing and introduces benefits and drawbacks for security professionals. Expert Ed Moyle discusses the security side of serverless. (SearchCloudSecurity.com)
 
5-step checklist for web application security testing
This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws. (SearchSecurity.com)
 
USB attacks: Big threats to ICS from small devices
USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations. (SearchSecurity.com)
 
Risk & Repeat: Apple restores enterprise certificates for Facebook, Google
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity. (SearchSecurity.com)
 
How did the Python supply chain attack occur?
A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this? (SearchSecurity.com)
About This E-Newsletter
This e-newsletter is published by the TechTarget network.

TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2019 TechTarget. All rights reserved.