Week in review: Kali Linux 2020.4, AWS Network Firewall, speeding up malware analysis

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Kali Linux 2020.4 released: New default shell, fresh tools, and more!
Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system.

How do I select a security assessment solution for my business?
To select a suitable security assessment solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Researchers break Intel SGX by creating $30 device to control CPU voltage
Researchers at the University of Birmingham have managed to break Intel SGX, a set of security functions used by Intel processors, by creating a $30 device to control CPU voltage.

How to speed up malware analysis
The goal of malware analysis is to research a malicious sample: its functions, origin, and possible effects on the infected system. This data allows analysts to detect malware, react to the attack effectively, and enhance security.

Multi-cloud environments leaving businesses at risk
Businesses around the globe are facing challenges as they try to protect data stored in complex hybrid multi-cloud environments, from the growing threat of ransomware, according to a Veritas Technologies survey.

Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering. The flaws were discovered by IBM researchers, after the company’s research department and the Office of the CISO decided to analyze their primary tool for remote meetings.

How a move to the cloud can improve disaster recovery plans
Bad actors are well aware that endpoints are not being maintained at the same level as pre-pandemic, and they are more than willing to take advantage.

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.

Review: Group-IB Fraud Hunting Platform
In this review, we will take a close look at the Fraud Hunting Platform (FHP) developed by Group-IB, which helps web and mobile service owners monitor users’ usage and investigate potential misuses.

The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development.

Healthcare organizations are sitting ducks for attacks and breaches
Seventy-three percent of health system, hospital and physician organizations report their infrastructures are unprepared to respond to attacks. The survey results estimated 1500 healthcare providers are vulnerable to data breaches of 500 or more records, representing a 300 percent increase over this year.

2021 predictions for the Everywhere Enterprise
As we near 2021, it seems that the changes to our working life that came about in 2020 are set to remain. Businesses are transforming as companies continue to embrace remote working practices to adhere to government guidelines.

Why biometrics will not fix all your authentication woes
In recent years biometrics have increasingly been lauded as a superior authentication solution to passwords. However, biometrics are not immune from problems and once you look under the hood, they bring their own set of challenges.

Accept your IT security limits and call in the experts
For IT security teams, the work-from-home switch meant even more work and a struggle to find new ways to keep their organization and their employees secure from an increasing number and frequency of cyber threats.

AWS Network Firewall: Network protection across all AWS workloads
Amazon Web Services announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads.

eBook: The security certification healthcare relies on
In the new (ISC)² eBook, HCISPPs around the world share how becoming certified has helped advance their careers – and keep healthcare IT healthy.

New infosec products of the week: November 20, 2020
A rundown of the most important infosec products released last week.

Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Every employee has a cybersecurity blind spot
80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress.

Microsoft advises users to stop using SMS- and voice-based MFA
Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls should be avoided, Alex Weinert, Director of Identity Security at Microsoft, opined.

November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
Microsoft plugged 112 CVE-numbered flaws in a variety of its products, including CVE-2020-17087, a Windows Kernel privilege escalation vulnerability disclosed the week before by Google, as it was being actively exploited in the wild.

Cybersecurity workforce gap decreases, job satisfaction rates increase
For the first time, there’s a year-over-year reduction in the cybersecurity workforce gap, due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19, (ISC)² finds.

(IN)SECURE Magazine issue 67 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 67 has been released today. It’s a free download, no registration required.

Researchers discover POS backdoor targeting the hospitality industry
ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.

Malware activity spikes 128%, Office document phishing skyrockets
Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs) throughout Q3 2020, with additional insight from Recorded Future.

Finding 365 bugs in Microsoft Office 365
During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. We took this opportunity to ask him about his work.

FTC orders Zoom to enhance security practices
Zoom Video Communications, the maker of the popular Zoom video conferencing solution, has agreed to settle allegations made by the US Federal Trade Commission (FTC) that it “engaged in a series of deceptive and unfair practices that undermined the security of its users.”

What’s stopping job seekers from considering a career in cybersecurity?
(ISC)² has recently asked 2,500 people across the US and the UK who don’t currently work in cybersecurity roles and have never worked in the field about how they view cybersecurity workers, whether they would consider entering the field, and what’s stopping them from doing it.

End-to-end encrypted communication mitigates enterprise security risk and ensures compliance
It is a mathematical certainty that data is more protected by communication products that provide end-to-end encryption (E2EE). Yet, many CISOs are required to prioritize regulatory requirements before data protection when considering the corporate use of E2EE communications.

Encryption-based threats grow by 260% in 2020
New Zscaler threat research reveals the emerging techniques and impacted industries behind a 260-percent spike in attacks using encrypted channels to bypass legacy security controls.

Stop thinking of cybersecurity as a problem: Think of it as a game
Cybersecurity isn’t a battle that’s ultimately won, but an ongoing game to play every day against attackers who want to take your systems down. We won’t find a one-size-fits-all solution for the vulnerabilities that were exposed by the pandemic. Instead, each company needs to charge the field and fend off their opponent based on the rules of play.

Making history: The pandemic, disaster recovery and data protection
Let’s face it, because of the pandemic a lot of companies were caught off guard with insufficient plans for data protection and disaster recovery (DR). That isn’t easy in the best of times, never mind during a pandemic. Even those with effective strategies now must revisit and update them.

New side-channel attacks allow access to sensitive data on Intel CPUs
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs.

How IoT insecurity impacts global organizations
As the Internet of Things becomes more and more part of our lives, the security of these devices is imperative, especially because attackers have wasted no time and are continuously targeting them.

Fraudsters increasingly creative with names and addresses for phishing sites
COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, according to research from F5 Labs.

The evolving role of the CTO
The CTO role is changing to encompass supply chain resiliency, communications solutions and support for sales teams, preventing technological surprise and meeting broader business unit needs.

Product showcase: Specops Password Auditor
Specops Password Auditor is a free tool that automatically scans your Active Directory environment to proactively find weak, reused, and breached passwords in use. The best part – it makes this process extremely easy.

Q&A session: Examples of what it takes to achieve DevSecOps maturity
Join Cobalt for an interactive 1-hour Q&A session that tackles real-life examples of what it takes to achieve DevSecOps maturity.

Week in review: Windows zero-day exploited, Patch Tuesday forecast, selecting a compliance solution

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool, security researcher Dawid Golunski has discovered.

November 2020 Patch Tuesday forecast: Significant OS changes ahead
November Patch Tuesday and the end-of-year holidays are rapidly approaching. Microsoft gave us a late release or maybe an early gift, depending upon how you look at it, with the new version of Windows 10. The Patch Tuesday updates appear to be light, so things are looking much better as we enter the final stretch for 2020.

Paying a ransom to prevent leaking of stolen data is a risky gamble
Ransomware groups have realized that their tactics are also very effective for targeting larger enterprises, and this resulted in a 31% increase of the average ransom payment in Q3 2020 (reaching $233,817), ransomware IR provider Coveware shared in a recently released report.

Ryuk ransomware behind one third of all ransomware attacks in 2020
There’s a growing use of ransomware, encrypted threats and attacks among cybercriminals leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter, SonicWall reveals.

What is ad fraud and how can advertisers fight against it?
According to HP Enterprise’s Business of Hacking report, ad fraud is the easiest and most lucrative form of cybercrime, above activities such as credit card fraud, payment fraud and bank fraud. Luke Taylor, COO and Founder of TrafficGuard, explains why businesses should do what they can to detect and prevent it.

How to deal with the escalating phishing threat
In today’s world, most external cyberattacks start with phishing. For attackers, it’s almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training.

Google discloses actively exploited Windows zero-day (CVE-2020-17087)
Google researchers have made public a Windows kernel zero-day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw (CVE-2020-15999) that was patched on October 20. The company then patched two more actively exploited Chrome zero-day vulnerabilities: CVE-2020-16009 is present in the desktop version of the browser, CVE-2020-16010 in the mobile (Android) version.

How smartphones became IoT’s best friend and worst enemy
Relying on the ubiquity of smartphones and the rise of remote controls, users and vendors alike have embraced the move away from physical device interfaces. This evolution in the IoT ecosystem, however, brings major benefits AND serious drawbacks.

Top tasks IT professionals are spending more time on
LogMeIn released a report that reveals the current state of IT in the new era of remote work. The report quantifies the impact of COVID-19 on IT roles and priorities for small to medium-sized businesses.

Quantum computers: How to prepare for this great threat to information security
Quantum computers also pose a big security problem. With exponentially higher processing power, they will be able to smash through the public-key encryption standards widely relied on today, threatening the security of all digital information and communication.

How do I select a compliance solution for my business?
To select a suitable compliance solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Review: Specops Password Policy
Specops Password Policy is a powerful tool for overcoming the limitations of the default password policies present in Microsoft Active Directory environments.

BEC attacks increase in most industries, invoice and payment fraud rise by 155%
BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals.

The power of trusted endpoints
The vision of trusted endpoints is becoming a reality and finally, context-specific identities can be provisioned into most consumer devices.

Enterprise IT security teams continue to struggle
CyberEdge conducted a web-based survey of 600 enterprise IT security professionals from seven countries and 19 industries in August 2020 in an effort to understand how the pandemic has affected IT security budgets, personnel, cyber risks, and priorities for acquiring new security technologies.

Cybersecurity training: Learn how to secure containerized environments
For the last several years, Sheila A. Berta, Head of Security Research at Dreamlab Technologies, has been conducting investigations in a variety of information security areas like hardware hacking, car hacking, wireless security, malware and – more recently – Docker, Kubernetes and cloud security.

60% of organizations have accelerated their zero trust projects
The COVID-19 pandemic has not impacted the adoption of zero trust technology globally, a Pulse Secure report reveals. In fact, 60% of organizations said they have accelerated zero trust implementation during the pandemic.

Moving past the madness of manually updated X.509 certificates
One of the greatest advantages of the Microsoft CA is automation, but that advantage does not extend to endpoints outside the Windows environment.

Technology solutions providers must empower end users to improve cybersecurity standards
Despite the increasing sophistication of cyber attacks, TSPs that invest in key foundational, standardized approaches to training put their clients in a much stronger position.

Take back control of IT with cloud native IGA
It’s very difficult for organizations to maintain the highly customized code in their environments that the first generation of IGA products required. All those changes to the code will then need to be maintained. But modern IGA has learned from all the coding requirements of the past and now provides a much simpler way to give users different levels of access.

Report: Intelligent cyber threat response
Cybersecurity professionals know there are fundamental gaps in most cyber operations centers, one of which is the overwhelming level of effort required to understand cyber threat information.

Guide: 10 critical issues to cover in your vendor security questionnaires
In today’s perilous cyber world, companies must carefully check their vendors’ cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire.

Video series: Get into the phisher’s mind
Check out this series to understand the phisher’s perspective and better defend your organization from cyber threats.

New infosec products of the week: November 6, 2020
A rundown of the most important infosec products released last week.

Week in review: Automated pentesting, Oracle WebLogic servers under attack

Here’s an overview of some of last week’s most interesting news and articles:

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.

Political campaigns adopt surveillance capitalism at their own peril
The race between competing political campaigns to out-collect, out-analyze and out-leverage voter data has raised concerns about the damaging effects it has on privacy and democratic participation, but also about the fact that all of this data, if seized by adversarial nation-states, opens up opportunities for affecting an election and sowing electoral chaos.

DNS attacks increasingly target service providers
The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP.

Hackers breach psychotherapy center, use stolen health data to blackmail patients
News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.

A new threat matrix outlines attacks against machine learning systems
A report published last year has noted that most attacks against artificial intelligence (AI) systems are focused on manipulating them (e.g., influencing recommendation systems to favor specific content), but that new attacks using machine learning (ML) are within attackers’ capabilities.

Attacks on IoT devices continue to escalate
Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals’ use of automated tools to exploit these vulnerabilities, according to Nokia.

Attackers finding new ways to exploit and bypass Office 365 defenses
Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals.

How to apply data protection best practices to the 2020 presidential election
It’s safe to assume that we need to protect presidential election data, since it’s one of the most critical sets of information available. Not only does it ensure the legitimacy of elections and the democratic process, but also may contain personal information about voters. Given its value and sensitivity, it only makes sense that this data would be a target for cybercriminals looking for some notoriety – or a big ransom payment.

Work from home strategies leave many companies in regulatory limbo
Like most American businesses, middle market companies have been forced to rapidly implement a variety of work-from-home strategies to sustain productivity and keep employees safe during the COVID-19 pandemic. This shift, in most cases, was conducted with little chance for appropriate planning and due diligence.

Pktvisor: Open source tool for network visibility
NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub.

78% of Microsoft 365 admins don’t activate MFA
On average, 50% of users at enterprises running Microsoft 365 are not managed by default security policies within the platform, according to CoreView.

Cyber risk literacy should be part of every defensive strategy
While almost 95 percent of cybersecurity issues can be traced back to human error, such as accidentally clicking on a malicious link, most governments have not invested enough to educate their citizens about the risks, according to a report from the Oliver Wyman Forum.

Can automated penetration testing replace humans?
Recently though, tools that can be used to automate penetration testing under certain conditions have surfaced – but can they replace human penetration testers?

What the IoT Cybersecurity Improvement Act of 2020 means for the future of connected devices
Connected devices are becoming more ingrained in our daily lives and the burgeoning IoT market is expected to grow to 41.6 billion devices by 2025. As a result of this rapid growth and adoption at the consumer and commercial level, hackers are infiltrating these devices and mounting destructive hacks that put sensitive information and even lives at risk.

76% of applications have at least one security flaw
The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals.

Most companies have high-risk vulnerabilities on their network perimeter
Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates.

MDR service essentials: Market trends and what to look for
Mark Sangster, VP and Industry Security Strategist at eSentire, is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In this interview, he discusses MDR services and the MDR market.

What’s next for cloud backup?
Cloud adoption was already strong heading into 2020. According to a study by O’Reilly, 88% of businesses were using the cloud in some form in January 2020. The global pandemic just accelerated the move to SaaS tools. This seismic shift where businesses live day-to-day means a massive amount of business data is making its way into the cloud.

Report: The need for pervasive email security
A more comprehensive email security solution is needed—one that protects at the perimeter, inside the network and the organization, and beyond the perimeter. Mimecast’s Email Security 3.0 strategy can help.

HITBSecTrain: Cutting-edge virtual cyber security trainings on a monthly basis
In November, to coincide with the virtual edition of HITBCyberWeek 2020, 10 deep-knowledge technical trainings are being offered, covering topics such as: 5G security awareness, practical malware analysis and memory forensics, mobile hacking, secure coding and DevSecOps, applied data science and machine learning for cybersecurity, and more.

New infosec products of the week: October 30, 2020
A rundown of the most important infosec products released last week.

Week in review: Confidential computing, data protection predictions, Sandworm hackers charged

Here’s an overview of some of last week’s most interesting news, reviews and articles:

What is confidential computing? How can you use it?
What is confidential computing? Can it strengthen enterprise security? Nelly Porter, Senior Product Manager, Google Cloud and Sam Lugani, Lead Security PMM, Google Workspace & GCP, answer these and other questions in this Help Net Security interview.

Cybersecurity is failing due to ineffective technology
Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, the research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.

Safari, other mobile browsers affected by address bar spoofing flaws
Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites.

Review: Netsparker Enterprise web application scanner
We reviewed Netsparker Enterprise, which is one of the industry’s top choices for web application vulnerability scanning.

Is poor cyber hygiene crippling your security program?
Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks.

US charges Sandworm hackers who mounted NotPetya, other high-profile attacks
The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate (GRU), the US Department of Justice (DoJ) claimed as it unsealed an indictment against six hackers and alleged members on Monday.

Cybercrime capitalizing on the convergence of COVID-19 and 2020 election
The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election resulting in a surge of cybercrime, VMware research reveals.

25 vulnerabilities exploited by Chinese state-sponsored hackers
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks.

Can we trust passwordless authentication?
We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our actions be?

Data protection predictions for 2021
2020 presented us with many surprises, but the world of data privacy somewhat bucked the trend. Many industry verticals suffered losses, uncertainty and closures, but the protection of individuals and their information continued to truck on.

Critical infrastructure and industrial orgs can test Azure Defender for IoT for free
Azure Defender for IoT – Microsoft’s new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities – is now in public preview and can be put to the test free of charge.

SecOps teams turn to next-gen automation tools to address security gaps
SOCs across the globe are most concerned with advanced threat detection and are increasingly looking to next-gen automation tools like AI and ML technologies to proactively safeguard the enterprise, Micro Focus reveals.

Preventing cybersecurity’s perfect storm
Zerologon might have been cybersecurity’s perfect storm: that moment when multiple conditions collide to create a devastating disaster. Thanks to Secura and Microsoft’s rapid response, it wasn’t.

Most cybersecurity pros believe automation will make their jobs easier
Despite 88% of cybersecurity professionals believing automation will make their jobs easier, younger staffers are more concerned than their veteran counterparts that the technology will replace their roles, according to research by Exabeam.

Moving to the cloud with a security-first, zero trust approach
Many companies tend to jump into the cloud before thinking about security. They may think they’ve thought about security, but when moving to the cloud, the whole concept of security changes. The security model must transform as well.

5 tips to reduce the risk of email impersonation attacks
Email attacks have moved past standard phishing and become more targeted over the years. In this article, I will focus on email impersonation attacks, outline why they are dangerous, and provide some tips to help individuals and organizations reduce their risk exposure to impersonation attacks.

Webinar: How to think about cybersecurity the way executives think about business
It’s time to change the way we think about cybersecurity and risk management. Cybersecurity is no longer an IT problem to solve or a “necessary evil” to cost manage. Rather, cybersecurity has rapidly stormed the boardroom as a result of high-profile and costly data breaches.

Save 40% on CISSP or CCSP training until November 30
To help you stay committed to your certification, through November 30, (ISC)² is offering a 40% discount off Official CISSP and CCSP Online Instructor-Led Trainings when you bundle with an exam voucher. Training seats are limited, so secure your spot today!

New infosec products of the week: October 23, 2020
A rundown of the most important infosec products released last week.

Week in review: Criminals leveraging Office 365, endpoint attack anatomy, medical devices cybersec

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)
SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution.

The anatomy of an endpoint attack
A lot has changed across the cybersecurity threat landscape in the last decade, but one thing has remained the same: the endpoint is under siege. What has changed is how attackers compromise endpoints. Threat actors have learned to be more patient after gaining an initial foothold within a system (and essentially scope out their victim).

CPRA: More opportunity than threat for employers
As companies struggle with their existing compliance requirements, many fear that a new privacy ballot initiative – the California Privacy Rights Act (CPRA) – could complicate matters further.

Cybercriminals are using legitimate Office 365 services to launch attacks
Vectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks.

How to build up cybersecurity for medical devices
Manufacturing medical devices with cybersecurity firmly in mind is an endeavor that, according to Christopher Gates, an increasing number of manufacturers is trying to get right.

October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
Microsoft has released patches for 87 CVE-numbered flaws in a variety of its offerings: 11 critical, 75 important, and one of moderate severity. None of the fixed vulnerabilities are currently being exploited, though six of them were previously publicly known.

Three best practices for responsible open source usage in the COVID-19 era
Organizations across both the private and public sector have been turning to open source solutions as a means to tackle emerging challenges while retaining the rapidity and agility needed to respond to evolving needs and remain competitive.

With database attacks on the rise, how can companies protect themselves?
Misconfigured or unsecured databases exposed on the open web are a fact of life. We hear about some of them because security researchers tell us how they discovered them, pinpointed their owners and alerted them, but many others are found by attackers first.

All Zoom users get end-to-end encryption (E2EE) option next week
Zoom users – both those who are on one of the paid plans and those who use it for free – will be able to try out the solution’s new end-to-end encryption (E2EE) option.

GitHub envisions a world with fewer software vulnerabilities
After five months in beta, the GitHub Code Scanning security feature has been made generally available to all users: for free for public repositories, as a paid option for private ones.

The brain of the SIEM and SOAR
SIEM and SOAR solutions are important tools in a cybersecurity stack. They gather a wealth of data about potential security incidents throughout your system and store that info for review. But just like nerve endings in the body sending signals, what good are these signals if there is no brain to process, categorize and correlate this information?

Technologies that enable legal and compliance leaders to spot innovations
COVID-19 has accelerated the push toward digital business transformation for most businesses, and legal and compliance leaders are under pressure to anticipate both the potential improvements and possible risks that come with new legal technology innovations, according to Gartner.

As attackers evolve their tactics, continuous cybersecurity education is a must
As the Information Age slowly gives way to the Fourth Industrial Revolution, and as the rise of IoT and IIoT, on-demand availability of computer system resources, big data and analytics, and cyber attacks aimed at business environments impact our everyday lives, there is an increasing need for knowledgeable cybersecurity professionals and, unfortunately, an increasing cybersecurity workforce skills gap.

Microsoft and partners cut off key Trickbot botnet infrastructure
Two weeks after someone (allegedly the US Cyber Command) temporarily interrupted the operation of the infamous Trickbot botnet, a coalition of tech companies headed by Microsoft has struck a serious blow against its operators.

SaaS adoption prompting concerns over operational complexity and risk
A rise in SaaS adoption is prompting concerns over operational complexity and risk, a BetterCloud report reveals.

In the era of AI, standards are falling behind
According to a recent study, only a minority of software developers are actually working in a software development company. This means that nowadays literally every company builds software in some form or another.

New research shows risk in healthcare supply chain
New research from RiskRecon and the Cyentia Institute pinpointed risk in the third-party healthcare supply chain and showed that healthcare’s high exposure rate indicates that managing a comparatively small Internet footprint is a big challenge for many organizations in that sector.

New infosec products of the week: October 16, 2020
A rundown of the most important infosec products released last week.

Week in review: Nmap 7.90 released, new AWS S3 security features, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, reviews and articles:

How do I select a data storage solution for my business?
To select a suitable data storage for your business, you need to think about a variety of factors. We’ve talked to several industry leaders to get their insight on the topic.

October 2020 Patch Tuesday forecast: Trick or treat?
It’s October and that means Halloween will be here at the end of the month. It won’t be much fun if we only get to ‘dress up’ and look at each other via video conference. But then, we’ve had a lot of ‘tricks’ thrown at us this last month – Zerologon, explosion of ransomware, COVID phishing attacks, and more. Will we get more tricks next week or are we in for a treat on Patch Tuesday?

Why CIOs need to focus on password exposure, not expiration
Biometrics may be a media darling, but the truth is that passwords will remain the primary authentication mechanism for the foreseeable future. But while passwords may not be a cutting-edge security innovation, that’s not to suggest that CIOs don’t need to modernize their approach to password management.

Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk
Andrew Magnusson started his information security career 20 years ago and has distilled the knowledge he accumulated into this book, to help readers eliminate security weaknesses and threats within their systems.

Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0
Nmap is a widely used free and open-source network scanner. The utility is used for network inventorying, port scanning, managing service upgrade schedules, monitoring host or service uptime, etc.

Three common mistakes in ransomware security planning
As the frequency and intensity of ransomware attacks increase, one thing is becoming abundantly clear: organizations can do more to protect themselves. Unfortunately, most organizations are dropping the ball. Most victims receive adequate warning of potential vulnerabilities yet are woefully unprepared to recover when they are hit.

How to avoid the most common mistakes of an identity governance program
It’s a story I have seen play out many times over two decades in the Identity and Access Management (IAM) field: An organization determines that it needs a more robust Identity Governance and Administration (IGA) program, they kick off a project to realize this goal, but after a promising start, the whole effort falls apart within six to twelve months.

AWS adds new S3 security and access control features
Amazon Web Services (AWS) has made available three new S3 (Simple Storage Service) security and access control features.

Cybersecurity practices are becoming more formal, security teams are expanding
Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies, more detailed processes, comprehensive education and specialized skills, research from CompTIA finds.

Number of corporate credentials exposed on the dark web increased by 429%
While there has been a year-over-year decrease in publicly disclosed data breaches, an Arctic Wolf report reveals that the number of corporate credentials with plaintext passwords on the dark web has increased by 429 percent since March.

Why developing cybersecurity education is key for a more secure future
European Cybersecurity Month is a timely reminder that we must not become complacent and must redouble our efforts to stay safe online and bolster the cybersecurity skills base in society. This is imperative not only to manage the challenges we face today, but to ensure we can rise to the next wave of unknown, sophisticated cybersecurity threats that await us tomorrow.

ATM cash-out: A rising threat requiring urgent attention
An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor, manipulate fraud detection controls and alter customer accounts so that there are no limits on withdrawing money from numerous ATMs in a short period of time.

HP Device Manager vulnerabilities may allow full system takeover
Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote command execution as SYSTEM, security researcher Nick Bloor has found.

37% of remote employees have no security restrictions on corporate devices
ManageEngine unveiled findings from a report that analyzes behaviors related to personal and professional online usage patterns.

Working together to secure our expanding connected health future
Securing medical devices is not a new challenge. Former Vice President Cheney, for example, had the wireless capabilities of a defibrillator disabled when implanted near his heart in 2007, and hospital IT departments and health providers have for years secured medical devices to protect patient data and meet HIPAA requirements.

Most enterprises struggle with IoT security incidents
72% of organizations experienced an increase in endpoint and IoT security incidents in the last year.

NIST crowdsourcing challenge aims to de-identify public data sets to protect individual privacy
NIST has launched a crowdsourcing challenge to spur new methods to ensure that important public safety data sets can be de-identified to protect individual privacy.

Save on CCSP self-paced exam prep when bundled with exam voucher
Now’s your time to become recognized as a globally respected cloud expert and catapult your career with the (ISC)² Certified Cloud Security Certification (CCSP).

The CISO’s Guide to Third-Party Security Management
The CISO’s Guide to Third-Party Security Management provides the instructions you need to make your organization’s third-party security program effective and scalable.

New infosec products of the week: October 9, 2020
A rundown of the most important infosec products released last week.

Week in review: Hardware security, protecting APIs, determining the true impact of a cyber attack

Here’s an overview of some of last week’s most interesting news, reviews and articles:

The biggest cyber threats organizations deal with today
Microsoft has released a new report outlining enterprise cyberattack trends in the past year (July 2019 – June 2020) and offering advice on how organizations can protect themselves.

Three immediate steps to take to protect your APIs from security risks
Undermining the power of an API-driven development methodology are shadow, deprecated and non-conforming APIs that, when exposed to the public, introduce the risk of data loss, compromise or automated fraud.

How vital is cybersecurity awareness for a company’s overall IT security?
The benefits of cybersecurity awareness programs are currently the subject of broad discussion, particularly when it comes to phishing simulations. Nowadays, companies not only invest in IT security solutions, but also in the training of their employees with the goal of making them more conscious of security issues.

Large US hospital chain hobbled by Ryuk ransomware
US-based healthcare giant Universal Health Services (UHS) has suffered a cyberattack, which resulted in the IT network across its facilities being shut down.

Measuring impact beyond a single incident
Determining the true impact of a cyber attack has always been, and will likely remain, one of the most challenging aspects of this technological age.

Hardware security: Emerging attacks and protection mechanisms
Maggie Jauregui’s introduction to hardware security is a fun story: she figured out how to spark, smoke, and permanently disable GFCI (Ground Fault Circuit Interrupter – the two button protections on plugs/sockets that prevent you from electrocuting yourself by accident with your hair dryer) wirelessly with a walkie talkie.

Permanent remote work puts greater pressure on IT teams
82% of IT leaders think their company is at a greater risk of phishing attacks, and 78% believe they are at a greater risk of an insider attack, when employees are working from home, according to a report from Tessian.

85% of COVID-19 tracking apps leak data
71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust.

Review: ThreadFix 3.0
This is a review of ThreadFix 3.0, a vulnerability management platform that helps organizations manage risky applications and infrastructure efficiently and in alignment with agile development processes.

4.83 million DDoS attacks took place in the first half of 2020, a 15% increase
Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down, Netscout reveals.

Rising reports of fraud signal that some COVID-related schemes may just be getting started
As the economic fallout of the COVID-19 crisis continues to unfold, research from Next Caller reveals the pervasive impact that COVID-related fraud has had on Americans, as well as emerging trends that threaten the security of contact centers, as we head towards what may be another wave of call activity.

MITRE Shield shows why deception is security’s next big thing
MITRE recently added to their portfolio and released MITRE Shield, an active defense knowledge base that captures and organizes security techniques in a way that is complementary to the mitigations featured in MITRE ATT&CK.

Cybersecurity lessons learned from data breaches and brand trust matters
Your brand is a valuable asset, but it’s also a great attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile apps. These engagements are obviously crucial to your business.

The lifecycle of a eureka moment in cybersecurity
It takes more than a single eureka moment to attract investor backing, especially in a notoriously high-stakes and competitive industry like cybersecurity.

Is passwordless authentication actually the future?
While passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization.

Whitepapers: Stronger cybersecurity starts with CISSP
The latest whitepapers examine the expanding threat landscape and how cybersecurity can drive business growth with the right experts in place.

Report: Hunting Evasive Malware
Get new insights and defensive guidance from this Threat Intelligence Spotlight: Hunting Evasive Malware that draws on data from the 650-plus organizations that eSentire protects and VMware Carbon Black’s extensive endpoint protection install base.

New infosec products of the week: October 2, 2020
A rundown of the most important infosec products released last week.

Week in review: Infosec career misconceptions and challenges, early warning signs of ransomware

Here’s an overview of some of last week’s most interesting news and articles:

CISA orders federal agencies to implement Zerologon fix
If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to “immediately apply the Windows Server August 2020 security update to all domain controllers.”

What are the traits of an effective CISO?
Only 12% of CISOs excel in all four categories of the Gartner CISO Effectiveness Index.

Credential stuffing is just the tip of the iceberg
Credential stuffing attacks are taking up a lot of the oxygen in cybersecurity rooms these days. A steady blitz of large-scale cybersecurity breaches in recent years has flooded the dark web with passwords and other credentials that are used in subsequent attacks such as those on Reddit and State Farm, as well as in widespread efforts to exploit the remote work and online get-togethers resulting from the COVID-19 pandemic.

NIST guide to help orgs recover from ransomware, other data integrity attacks
The National Institute of Standards and Technology (NIST) has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data (emails, employee records, financial records, and customer data).

Windows backdoor masquerading as VPN app installer
Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor, Trend Micro researchers warn.

Infosec pros struggle to find opportunities to improve their work skills
Cybrary released the findings of a report that examines the current challenges, perceptions, and impacts of the cybersecurity skills gap faced by IT and security teams worldwide.

iOS 14: New privacy and security features
Apple has released iOS 14, with a bucketload of new and improved functional features and a handful of privacy and security ones.

Secure data sharing in a world concerned with privacy
The ongoing debate surrounding privacy protection in the global data economy reached a fever pitch with July’s “Schrems II” ruling at the European Court of Justice, which struck down the Privacy Shield – a legal mechanism enabling companies to transfer personal data from the EU to the US for processing – potentially disrupting the business of thousands of companies.

Phishers are targeting employees with fake GDPR compliance reminders
Phishers are using a bogus GDPR compliance reminder to trick recipients – employees of businesses across several industry verticals – into handing over their email login credentials.

Views and misconceptions of cybersecurity as a career path
Attitudes toward cybersecurity roles are now overwhelmingly positive, although most people still don’t view the field as a career fit for themselves, even as 29% of respondents say they are considering a career change, an (ISC)² study reveals.

Your best defense against ransomware: Find the early warning signs
Ransomware isn’t hard to detect, but identifying it when the encryption and exfiltration are rampant is too little, too late. However, there are several warning signs that organizations can catch before the real damage is done. In fact, FireEye found that there are usually three days of dwell time between these early warning signs and the detonation of ransomware.

5 simple steps to bring cyber threat intelligence sharing to your organization
Cyber threat intelligence (CTI) sharing is a critical tool for security analysts. It takes the learnings from a single organization and shares it across the industry to strengthen the security practices of all.

DaaS, BYOD, leasing and buying: Which is better for cybersecurity?
Currently, Device-as-Service (DaaS), Bring-Your-Own-Device (BYOD) and leasing/buying are some of the most popular hardware options. To determine which is most appropriate for your business cybersecurity needs, here are the pros and cons of each.

Phish Scale: New method helps organizations better train their employees to avoid phishing
Researchers at the National Institute of Standards and Technology (NIST) have developed a new method called the Phish Scale that could help organizations better train their employees to avoid phishing.

Bit-and-piece DDoS attacks increased 570% in Q2 2020
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard.

Cybercriminals moved quickly to capitalize on the COVID-19 outbreak using malicious emails
While the COVID-19 outbreak has disrupted the lives and operations of many people and organizations, the pandemic failed to interrupt the onslaught of malicious emails targeting people’s inboxes, according to an attack landscape update published by F-Secure.

A look at the top threats inside malicious emails
Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals.

Using virtualization to isolate risky applications and other endpoint threats
More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially vulnerable lines of code – from within the OS. With attacks becoming more sophisticated than ever, hypervisor-based security, from below the OS, becomes a necessity.

Layered security becomes critical as malware attacks rise
Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero-day malware.

Offensive Security releases Win-KeX 2.0, packed with new features
Win-KeX provides a Kali Desktop Experience for Windows Subsystem for Linux (WSL 2), and version 2.0 comes with useful features.

Whitepaper: Mobile banking regulations, threats and fraud prevention
The use of banking services through a mobile app has quickly been embraced by consumers. At the end of 2019, 74% of people in the UK and 75% in the US used mobile devices to manage their finances.

Week in review: Zerologon PoCs released, five steps to recover from ransomware, CISOs’ golden opportunity

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Most people ignore QR code security concerns
QR codes are rising in popularity and use, according to a consumer sentiment study by MobileIron. Sixty-four percent of respondents stated that a QR code makes life easier in a touchless world – despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices.

Are your domain controllers safe from Zerologon attacks?
CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability for organizations that are struggling with timely patching.

Review: Web Security for Developers: Real Threats, Practical Defense
Malcolm McDonald, with his 20 years of experience in programming, poured his knowledge into this book to offer comprehensive information about everything a developer needs to know to do their job properly and thoroughly.

Attacked by ransomware? Five steps to recovery
While there is a lot of discussion about preventing ransomware from affecting your business, the best practices for recovering from an attack are a little harder to pin down.

Microsoft open-sources tool that enables continuous developer-driven fuzzing
Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system.

Aiming for a career in cybersecurity? Now is the time to pick up new skills
The required security measures are known and advice for achieving remote work security is easy to get, but implementing it all takes time and effort. Even before the advent of COVID-19, organizations had trouble filling all the cybersecurity positions they opened – and their needs have surely intensified in the last few months.

What are the most vulnerable departments and sectors to phishing attacks?
Keepnet Labs has revealed the departments and sectors most vulnerable to phishing attacks, based on a data set of 410,000 phishing emails covering a period of one year.

Justifying your 2021 cybersecurity budget
Sitting in the midst of an unstable economy, a continued public health emergency, and facing an uptick in successful cyber attacks, CISOs find themselves needing to enhance their cybersecurity posture while remaining within increasingly scrutinized budgets.

Telehealth is healthcare industry’s biggest cybersecurity risk
The rapid adoption and onboarding of telehealth vendors led to a significantly increased digital footprint, attack surface, and cybersecurity risk for both provider and patient data, a new report released by SecurityScorecard and DarkOwl has shown.

Cyber losses are increasing in frequency and severity
Cyber attacks have increased in number and severity since the onset of the pandemic. The changes organizations implemented to facilitate remote work have given cybercriminals new opportunities to launch campaigns exploiting mass uncertainty and fear.

Safari 14: New privacy and security features
Apple has released Safari 14, which features many functional improvements, a Privacy Report that shows all the trackers the browser has neutralized, and no longer supports Adobe Flash.

Attacks growing in both scope and sophistication, exposing gaps in the cloud native toolchain
There’s a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure, according to Aqua Security.

Mobile messengers expose billions of users to privacy attacks
A recent study by a team of researchers from the Secure Software Systems Group at the University of Würzburg and the Cryptography and Privacy Engineering Group at TU Darmstadt shows that currently deployed contact discovery services severely threaten the privacy of billions of users.

DDoS attacks rise in intensity, sophistication and volume
There have been significant shifts in DDoS attack patterns in the first half of 2020, a Neustar report reveals. There has been a 151% increase in the number of DDoS attacks compared to the same period in 2019. These included the largest and longest attacks that Neustar has ever mitigated at 1.17 Terabits-per-second (Tbps) and 5 days and 18 hours respectively.

In uncertain times, CISOs have a golden opportunity
As ransomware attacks become more frequent, IT and information security leaders often end up pointing fingers at each other after a cyber-attack. And there are many fingers in the room, adding to the chaos, trying to avoid responsibility, and deflecting ownership of the problem to other stakeholders.

How security theater misses critical gaps in attack surface and what to do about it
While there has been a strong industry movement towards security effectiveness and productivity, with approaches favoring prioritizing alerts, investigations and activities, there are still a good number of security theatrics carried out in many organizations.

How to enforce real-time controls based on behavior risk scoring
For decades, the traditional approach to securing digital assets has been based on using a primary set of credentials, namely a username and password. This binary model – a user supplies his/her credentials and they are allowed into the network, application, etc. – has run its course.

Report: The state of email security
The state of the world in 2020 is unlike anything we have experienced before, and it’s trickled down to have an impact on the IT and security world.

Google offers high-risk Chrome users additional scanning of risky files
Google is providing a new “risky files” scanning feature to Chrome users enrolled in its Advanced Protection Program (APP).

Product showcase: AppTrana
To shore up yesterday’s defense against today’s and tomorrow’s threats, defend your application by leveraging a new generation of risk-based fully managed cloud WAF.

Week in review: PAN-OS flaws, securing AD accounts against password-based attacks

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Popular Android apps are rife with cryptographic vulnerabilities
Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities.

How to protect yourself from the hidden threat of evasive scripts
While Emotet is one example of a threat that uses scripts as part of its evasive strategy, there are many other types of script-based evasion techniques organizations need to be aware of to keep their systems secure.

How to add 2FA to your Zoom account
Video conferencing platform Zoom is finally offering all users the option to enable two-factor authentication (2FA) to secure their accounts against credential stuffing attacks and attacks leveraging phished login credentials.

September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
This September 2020 Patch Tuesday covers security updates by Microsoft, Adobe, Intel and SAP.

Mapping the motives of insider threats
Insider threats can take many forms, from the absent-minded employee failing to follow basic security protocols, to the malicious insider, intentionally seeking to harm your organization.

Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls
Palo Alto Networks remediated vulnerabilities in PAN-OS (operating system versions 8.1 and later).

How does XDR improve enterprise security in the face of evolving threats?
Cybercriminals will never run out of ways to breach the security protocols enterprises put in place. As security systems upgrade their defenses, attackers also level up their attacks. They develop stealthier ways to compromise networks to avoid detection and enhance the chances of penetration.

Four ways network traffic analysis benefits security teams
The march towards digital transformation and the increasing volume of cyberattacks are finally driving IT security and network teams towards better collaboration. This idea isn’t new, but it’s finally being put into practice at many major enterprises.

How COVID-19 affected remote work, customer engagements, and return to the office plans
Top-tier enterprises were 2.6 times as likely to have grown revenue, 2.5 times as likely to have reached profit goals and 2.1 times as likely to have high employee satisfaction numbers during the COVID-19 pandemic, according to a Catchpoint survey of 200 enterprise CIOs and 200 enterprise work-from-home (WFH) managers.

Securing Active Directory accounts against password-based attacks
Most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable (e.g., sequential) keystroke patterns, password variations, well-known substitutions, single words from a dictionary and – above all – reusing the same password for many different private and enterprise accounts.
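The weak choices listed above map directly onto checks that a password filter can run before a new Active Directory password is accepted. The following is an added example, not code from the article or from Microsoft: it flags personal information, sequential keystroke runs, single dictionary words hidden behind well-known substitutions, and trivial variations of a previous password. The mini word list, the keyboard rows, the substitution table and the sample user are constructed for illustration; a real filter would load an organization-wide banned-word list, and reuse across private and enterprise accounts is something no local filter can see.

```python
"""Weak-password pattern checker (added example; word list, keyboard rows,
substitution table and sample user are all constructed for illustration)."""
import re
from dataclasses import dataclass, field

# Constructed mini dictionary; a deployment would load a full banned-word list.
DICTIONARY = {"password", "welcome", "summer", "winter", "dragon",
              "monkey", "letmein", "football"}

# Rows used to detect sequential keystroke patterns (US QWERTY plus the alphabet).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "abcdefghijklmnopqrstuvwxyz"]

# Common substitutions mapped back to the letter they stand in for.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12
SEQUENCE_LEN = 4  # a run of this many adjacent keys, in either direction, is flagged


@dataclass
class UserContext:
    """Attributes a filter can pull from the directory for the user being checked."""
    username: str
    first_name: str
    last_name: str
    birth_year: str
    company: str
    previous_passwords: list = field(default_factory=list)  # plaintext only for illustration


def normalize(low: str) -> str:
    """Undo common substitutions so 'p@ssw0rd' compares as 'password'."""
    return low.translate(SUBSTITUTIONS)


def core_word(pw: str) -> str:
    """Strip trailing digits/symbols and leading digits, then undo substitutions:
    'Summer2020!' -> 'summer', 'P@ssw0rd2020!' -> 'password'."""
    low = pw.lower()
    low = re.sub(r"[^a-z]+$", "", low)   # trailing decoration (year, '!', ...)
    low = re.sub(r"^[0-9]+", "", low)    # leading digits
    return normalize(low)


def has_keyboard_sequence(pw: str) -> bool:
    """True if the password contains SEQUENCE_LEN adjacent keys from any row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - SEQUENCE_LEN + 1):
            run = row[i:i + SEQUENCE_LEN]
            if run in low or run[::-1] in low:
                return True
    return False


def contains_personal_info(pw: str, ctx: UserContext) -> bool:
    """Check raw and substitution-normalized forms so '1985' and 'Sm1th' both match."""
    low = pw.lower()
    forms = (low, normalize(low))
    tokens = [ctx.username, ctx.first_name, ctx.last_name, ctx.birth_year, ctx.company]
    return any(t and len(t) >= 3 and t.lower() in f for t in tokens for f in forms)


def is_variation_of_previous(pw: str, ctx: UserContext) -> bool:
    """Same core word as an earlier password once decoration is stripped."""
    core = core_word(pw)
    return bool(core) and any(core == core_word(old) for old in ctx.previous_passwords)


def check_password(pw: str, ctx: UserContext) -> list:
    """Return the reasons the password is weak; an empty list means it passed."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if contains_personal_info(pw, ctx):
        reasons.append("contains personal information")
    if has_keyboard_sequence(pw):
        reasons.append("sequential keystroke pattern")
    if core_word(pw) in DICTIONARY:
        reasons.append("dictionary word (after undoing substitutions)")
    if is_variation_of_previous(pw, ctx):
        reasons.append("variation of a previous password")
    return reasons


if __name__ == "__main__":
    # Constructed sample user and candidates.
    user = UserContext("jsmith", "John", "Smith", "1985", "Acme", ["Summer2019!"])
    for candidate in ["P@ssw0rd2020!", "Summer2020!", "JohnSmith1985!",
                      "qwerty12345678", "correct-horse-battery-staple"]:
        print(f"{candidate!r}: {check_password(candidate, user) or 'OK'}")
```

The checks are deliberately run on the substitution-normalized form as well as the raw string, because a filter that only compares raw text lets "P@ssw0rd" through while rejecting "password".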

Ensuring cyber awareness in the healthcare sector
As a result of the COVID-19 pandemic, healthcare professionals have increased their reliance on the internet to carry out their jobs. From connectivity with patients to the interconnectivity of different medical devices passing patient data, the attack surface has expanded dramatically, so cyber awareness has become crucial.

Researchers develop secure multi-user quantum communication network
The world is one step closer to having a totally secure internet and an answer to the growing threat of cyber-attacks, thanks to a team of international scientists who have created a multi-user quantum communication network which could transform how we communicate online.

What happens to funds once they have been stolen in a cyberattack?
SWIFT and BAE Systems published a report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber attack.

Internet Impact Assessment Toolkit: Protect the core that underpins the Internet
The Internet Society has launched the first-ever regulatory assessment toolkit that defines the critical properties needed to protect and enhance the future of the Internet.

Most compliance requirements are completely absurd
Compliance is probably one of the dullest topics in cybersecurity. Let’s be honest, there’s nothing to get excited about because most people view it as a tick-box exercise. It doesn’t matter which compliance regulation you talk about – they all get a collective groan from companies whenever you start talking about it.

How can the C-suite support CISOs in improving cybersecurity?
Among the individuals charged with protecting and improving a company’s cybersecurity, the CISO is typically seen as the executive for the job. That said, the shift to widespread remote work has made a compelling case for the need to bring security within the remit of other departments.

How do I select a remote workforce protection solution for my business?
To select a suitable remote workforce protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Developing a plan for remote work security? Here are 6 key considerations
With so many organizations switching to a work-from-home model, many are finding security to be increasingly more difficult to administer and maintain. There is an influx of vulnerable points distributed across more locations than ever before, as remote workers strive to maintain their productivity. The result? Security teams everywhere are being stretched.

Plan for change but don’t leave security behind
COVID-19 has upended the way we do all things. In this interview, Mike Bursell, Chief Security Architect at Red Hat, shares his view of which IT security changes are ongoing and which changes enterprises should prepare for in the coming months and years.

Cybersecurity after COVID-19: Securing orgs against the new threat landscape
The global pandemic has exposed new cracks in organizations’ cyber defenses, with a recent Tenable report finding just under half of businesses have experienced at least one “business impacting cyber-attack” related to COVID-19 since April 2020.

Product showcase: Cynet 360, 2020 Fall Platform Update
The Cynet 360 platform is built on three pillars: Extended Detection and Response (XDR), Response Automation and Managed Detection and Response (MDR). These three components together provide what Cynet calls Autonomous Breach Protection – essentially breach protection on autopilot. Let’s look at each of these components.

(ISC)² Exam Action Plan: Get your certification goals on track for success
Every (ISC)² member started out by committing to and passing one of our certification exams. No matter which certification you choose, you’ll find everything you need to prepare for the big day in the (ISC)² Exam Action Plan.

Week in review: Costliest cybersecurity failures, DNS hijacking protection, AWS security automation

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Cisco patches critical, wormable RCE flaw in Cisco Jabber
Cisco has patched four vulnerabilities in its Jabber client for Windows, the most critical of which (CVE-2020-3495) could allow attackers to achieve remote code execution by sending specially crafted chat messages.

September 2020 Patch Tuesday forecast: Back to school?
Another month has passed working from home and September Patch Tuesday is upon us. For most of us here in the US, September usually signals back to school for our children and with that comes a huge increase in traffic on our highways. But I suspect with the big push for remote learning from home, those of us in IT may be more worried about the increase in network traffic. So, should we expect a large number of updates this Patch Tuesday that will bog down our networks?

Which cybersecurity failures cost companies the most and which defenses have the highest ROI?
Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation.

Microsoft builds deepfakes detection tool to combat election disinformation
Microsoft has developed a deepfakes detection tool to help news publishers and political campaigns, as well as technology to help content creators “mark” their images and videos in a way that will show if the content has been manipulated post-creation.

Five critical cloud security challenges and how to overcome them
Today’s organizations desire the accessibility and flexibility of the cloud, yet these benefits ultimately mean little if you’re not operating securely. One misconfigured server and your company may be looking at financial or reputational damage that takes years to overcome.

Companies continue to expose unsafe network services to the internet
33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. In addition, organizations that expose unsafe services to the internet also exhibit more critical security findings.

Safe domain: How to protect your enterprise from DNS hijacking
When users type in or click on a domain name, they typically assume that they are going to the site that they want to go to. But if a successful DNS hijacking attack has been executed, cybercriminals can take the user to a completely different – and dangerous – web space.

How to drive business value through balanced development automation
Aligning security and delivery at a strategic level is one of the most complex challenges for executives. It starts with an understanding that risk-based thinking should not be perceived as an overhead or tax, but a value added component of creating a high-quality product or service.

Essential features of security automation for the AWS platform
A common security problem in AWS is an open S3 storage bucket where data is publicly readable on the Internet. Despite the default configuration of S3 buckets being private, it’s fairly easy for developers to change policies to be open and for that permission change to apply in a nested fashion. A security automation tool should be able to find and identify this insecure configuration and simply disable public access to the resource without requiring human intervention.

RedCommander: Open source tool for red teaming exercises
GuidePoint Security released a new open source tool that enables a red team to easily build out the necessary infrastructure.

Apple-notarized malware foils macOS defenses
Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass anti-malware checks performed by macOS before installing any software.

Organizations facing surge in phishing attacks since the start of the pandemic
The frequency of phishing threats has risen considerably since the pandemic started, with companies experiencing an average of 1,185 attacks every month, according to a survey from GreatHorn.

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers
A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit.

Security teams stretched to breaking point trying to secure new remote working regimes
The cybersecurity skills shortage means that many organizations are in urgent need of talented and experienced security professionals. This has been intensified by the pandemic, with security teams stretched to breaking point trying to secure new remote working regimes against the influx of opportunistic cyberattacks.

Mobile voting: Hype or reality?
For most of us, voting by anything other than a paper ballot or a voting machine is a foreign concept. Due to the pandemic and shelter in place restrictions, various alternatives have been considered this year — in particular, voting via our mobile devices.

Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
Companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing, APWG reveals.

Private, unlicensed 5G mobile network adoption may intensify NetOps and SecOps challenges
While 5G sometimes seems like the panacea for just about everything, it will likely intensify the already common friction between NetOps and SecOps teams that will take part in deployments and operations of the 5G mobile network. Besides faster speeds, lower latency, greater coverage and ultra-reliable mobile services across new radio spectrums, 5G brings tectonic changes in mobile architecture and enables totally novel applications with highly complex requirements.

Surging CMS attacks keep SQL injections on the radar during the next normal
This year, cyberattacks have been on the rise during the pandemic, leaving businesses to wonder whether or not things will settle down whenever the COVID-19 situation begins to wane, or if this is the next normal for the indefinite future.

Why data is the missing link in your cybersecurity strategy
When evaluating cyber security risks to the organization, we’re typically looking at users, devices and IoT devices as possible ways into the infrastructure. And yet it’s not these people and things attackers are really interested in – it’s the data.

Qualys Multi-Vector EDR: Protection across the entire threat lifecycle
In this interview, Sumedh Thakar, President and Chief Product Officer, illustrates how Qualys fills the gaps by introducing a new multi-vector approach and the unifying power of its Cloud Platform to EDR, providing essential context and visibility to the entire attack chain.

(ISC)² research: Why cybersecurity is a great choice for an exciting career
Organizations from all industries and sectors are all seeking skilled security staff. Every role within IT has a cybersecurity aspect. Focusing on security as your primary role opens up a world of options.

Live webinar: XDR and beyond
Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. It’s a new technology approach that combines multiple protection technologies into a single platform.

Week in review: ERP security, early warning of ransomware, Active Directory disaster recovery

Here’s an overview of some of last week’s most interesting news and articles:

ERP security: Dispelling common misconceptions
The various applications integrated in ERP systems collect, store, manage, and interpret sensitive data from the many business activities, which allows organizations to improve their efficiency in the long run. Needless to say, the security of such a crucial system and all the data it stores should be paramount for every organization.

Confirmed: Browsing histories can be used to track users
Browsing histories can be used to compile unique browsing profiles, which can be used to track users, Mozilla researchers have confirmed.

The state of GDPR compliance in the mobile app space
A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting.

Most organizations have no Active Directory cyber disaster recovery plan
Although 97% of organizations said that Active Directory (AD) is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals.

A 2020 approach to security: People matter
Forgetting the people of the PPT approach is like operating a car without airbags. Perhaps you cannot physically see the hazardous gap, but the drive will be incredibly unsafe.

How do I select a password management solution for my business?
To select a suitable password management solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Three places for early warning of ransomware and breaches that aren’t the dark web
There are three additional, sometimes overlooked sources of early warning clues of ransomware and breaches I have seen yield more direct, actionable insights in my years as an incident response leader.

Facing gender bias in facial recognition technology
The algorithms used for facial recognition today rely heavily on machine learning (ML) models, which require significant training. Unfortunately, the training process can result in biases in these technologies. If the training doesn’t contain a representative sample of the population, ML will fail to correctly identify the missed population.

Malicious iOS SDK breaches user privacy for millions
Researchers discovered a malicious functionality within the iOS MintegralAdSDK (aka SourMint), distributed by Chinese company Mintegral.

Protect your organization in the age of Magecart
The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. It all really boils down to timing. If the e-commerce world was able to detect such Magecart attacks in a matter of seconds (rather than weeks or months), then we could see an end to Magecart stealing all of the cybercrime headlines.

The evolution of IoT asset tracking devices
Asset tracking is one of the highest growth application segments for the Internet of Things (IoT). According to a report by ABI Research, asset tracking device shipments will see a 51% year-on-year device shipment growth rate through 2024.

The global cost of cybercrime per minute to reach $11.4 million by 2021
Cybercrime costs organizations $24.7 every minute, a YOY increase of more than $2, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.

91% of cybersecurity pros want stricter internet measures to tackle misinformation
There’s a growing unease amongst the cybersecurity community around the recent rise in misinformation and fake domains, Neustar reveals.

New attack vectors make securing virtual companies even more challenging
As organizations are settling into long-term remote working, new attack vectors for opportunistic cyberattackers and new challenges for network administrators have been introduced, Nuspire reveals.

COVID-19 impact on digital transformation, cloud and security strategies
Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience, according to Infoblox.

Swap Detector: Open source tool for detecting API usage errors
GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code.

Week in review: Kali Linux 2020.3, mobile security threats, ISO certs at risk of lapsing

Here’s an overview of some of last week’s most interesting news and articles:

Updated cryptojacking worm steals AWS credentials
A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services (AWS) credentials.

Thousands of ISO certifications at risk of lapsing due to halted re-certification audits
Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations’ premises to conduct essential re-certification audits during the current coronavirus pandemic.

Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunter
Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. You can download it or upgrade to it.

How do I select a risk assessment solution for my business?
To select a suitable risk assessment solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Fileless worm builds cryptomining, backdoor-planting P2P botnet
A fileless worm dubbed FritzFrog has been found roping Linux-based devices – corporate servers, routers and IoT devices – with SSH servers into a P2P botnet whose apparent goal is to mine cryptocurrency.

Disrupting a power grid with cheap equipment hidden in a coffee cup
Cyber-physical systems security researchers at the University of California, Irvine can disrupt the functioning of a power grid using about $50 worth of equipment tucked inside a disposable coffee cup.

What enterprises should consider when it comes to IoT security
Many enterprises have realized that the IoT presents tremendous business opportunities. The IoT can help businesses stay agile in changing situations and maintain a high level of visibility into operations, while positively impacting their bottom line. According to a BI Intelligence report, those who adopt IoT can experience increased productivity, reduced operating costs and expansion into new markets.

Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published.

Most ICS vulnerabilities disclosed this year can be exploited remotely
More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty.

Internal audit leaders should develop new skills to stay relevant
Chief audit executives (CAEs) and internal audit leaders report their next-generation competency levels in three vital areas – governance, methodology and enabling technology – to be remarkably low, a Protiviti survey reveals.

ATM makers fix flaws allowing illegal cash withdrawals
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issuing valid commands to dispense currency.

3 tips to increase speed and minimize risk when making IT decisions
There is nothing like a crisis to create a sense of urgency and spawn actions. This is especially true for enterprise IT teams, who are tasked with new responsibilities and critical decisions.

62% of blue teams have difficulty stopping red teams during adversary simulation exercises
New Exabeam research shows that 62 percent of blue teams have difficulty stopping red teams during adversary simulation exercises.

Know the threats to mobile security
Where there’s money, there’s also an opportunity for fraudulent actors to leverage security flaws and weak entry-points to access sensitive, personal consumer information. This has caused a sizeable percentage of consumers to avoid adopting mobile banking completely and has become an issue for financial institutions who must figure out how to provide a full range of financial services through the mobile channel in a safe and secure way.

Why do healthcare organizations have a target on their back?
While there has been an uptick of attacks on healthcare organizations due to coronavirus, a 2019 Healthcare Data Breach Report found more healthcare records were breached in 2019 than in the six years from 2009 to 2014, indicating that the rise of threats to healthcare records has been an ongoing trend.

Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks
Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report.

Five ways to maximize FIDO
Perform a quick Google search for “causes of data breaches”, and you will be inundated with reports of stolen credentials and weak passwords. Organizations can spend billions on technology to harden their systems against attack, but they are fighting a losing battle until they are able to confidently attribute a login with a valid user.

Terrascan open source software helps developers build secure cloud infrastructure
Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC).

Expand your cloud expertise: Discount on CCSP training
Challenging times call for exceptional measures. And (ISC)² is committed to helping you keep your Certified Cloud Security Professional (CCSP) certification goals on track this year. (ISC)² is bringing back special pricing on flexible CCSP exam prep so you can keep moving forward with full freedom and confidence.

New infosec products of the week: August 21, 2020
A rundown of the most important infosec products released last week.

Week in review: vBulletin 0-day, open source projects under attack, critical security updates galore

Here’s an overview of some of last week’s most interesting news and articles:

Intel, SAP, and Citrix release critical security updates
August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Apple released iCloud for Windows updates and Google pushed out fixes to Chrome. They were followed by Intel, SAP and Citrix.

Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands with system level privileges on the target Windows host.

6,600 organizations bombarded with 100,000+ BEC attacks
Cybercriminals are increasingly registering accounts with legitimate services, such as Gmail and AOL, to use them in impersonation and BEC attacks, according to Barracuda Networks.

Exploits for vBulletin zero-day released, attacks are ongoing
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered.

State-backed hacking, cyber deterrence, and the need for international norms
As time passes, state-backed hacking is becoming an increasingly bigger problem, with the attackers stealing money, information, credit card data, intellectual property, state secrets, and probing critical infrastructure.

Facebook open-sources a static analyzer for Python code
Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn’t.

Half of IT teams can’t fully utilize cloud security solutions due to understaffing
There are unrealized gaps between the rate of implementation or operation and the effective use of cloud security access brokers (CASB) within the enterprise, according to a global Cloud Security Alliance survey of more than 200 IT and security professionals from a variety of organization sizes and locations.

Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.

Organizations knowingly ship vulnerable code despite using AppSec tools
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode.

The precision of security undermined by a failure to correlate
One of the major deficiencies affecting security is not a lack of data, or even the aggregation of data; the central problem is correlating data and connecting the dots to find otherwise hidden traces of attack activity.

Why the rapid transition to cloud demands that DevOps shift left
To accommodate remote work policies amid COVID-19, companies have increasingly adopted the public cloud to support off-site business continuity. A MarketsandMarkets analysis found that due to the impact of the current crisis, the cloud market is expected to grow from $233 billion in 2019 to $295 billion by 2021.

DevOps is transforming database development in the healthcare sector
As IT teams across the country struggle with smaller budgets and staffing shortages, every industry has seen a rising demand for standardized process and automation to quickly address pressing needs, according to Redgate.

Expanding attack surfaces leave security teams stretched thin
30% of businesses globally have seen an increase in attacks on their IT systems as a result of the pandemic, HackerOne reveals.

Internal investigations are changing in the age of COVID-19
Internal investigations in corporations are typically conducted by the human resources (HR) department, internal compliance teams, and/or the IT department. Some cases may also require the involvement of outside third parties like forensic experts, consultants, law or accounting firms, or security experts.

10-point plan for securing employee health data collected for COVID-19 prevention
Employee health data is considered personally identifiable information (PII) and should be protected accordingly. This is easier said than done, though.

Securing human resources from cyber attack
As COVID-19 forced organizations to re-imagine how the workplace operates just to maintain basic operations, HR departments and their processes became key players in the game of keeping our economy afloat while keeping people alive.

Maximizing data privacy: Making sensitive data secure by default
Maximizing data privacy should be on every organization’s priority list. We all know how important it is to keep data and applications secure, but what happens when access to private data is needed to save lives? Should privacy be sacrificed? Does it need to be?

New infosec products of the week: August 14, 2020
A rundown of the most important infosec products released last week.

Week in review: Free security tools, TeamViewer flaw, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

August 2020 Patch Tuesday forecast: Planning for the end?
There doesn’t seem to be an end in sight to the COVID-19 crisis, but there are some important end-of-life/end-of-support dates we should be aware of when it comes to software.

Researchers flag two zero-days in Windows Print Spooler
Researchers found a way to bypass the patch for CVE-2020-1048 and re-exploit the vulnerability on the latest Windows version. They’ve also discovered a DoS flaw affecting the Print Spooler service, which won’t be patched.

How can security leaders maximize security budgets during a time of budget cuts?
While some security programs have become bloated, many don’t necessarily deserve to be cut. Given the gravity of today’s situation, it’s time for security leaders to step in and do what they can to justify spending that bolsters their company’s overall security posture.

Open source tool Infection Monkey allows security pros to test their network like never before
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.

TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation.

PE Tree: Free open source tool for reverse-engineering PE files
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community.

Granting employees admin status is convenient but risky
Freely granting employees admin status is one of the most common mistakes enterprises make.

The COVID-19 pandemic and its impact on cybersecurity
The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity pros saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey by ISSA and ESG.

Misconfigured cloud storage services are commonplace in 93% of deployments
Misconfigured cloud storage services are commonplace in a stunning 93% of the cloud deployments analyzed, and most also have at least one network exposure where a security group is left wide open.

Firefox to block redirect tracking
Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking.

4 in 10 organizations punish staff for cybersecurity errors
New research has found that 42% of organizations are taking disciplinary action against staff who make cybersecurity errors.

New defense method enables telecoms, ISPs to protect consumer IoT devices
“Most home users don’t have the awareness, knowledge, or means to prevent or handle ongoing attacks,” says Yair Meidan, a Ph.D. candidate at BGU.

New Open Source Security Foundation wants to improve open source software security
The Linux Foundation announced the formation of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices.

Security analysis of legacy programming environments reveals critical flaws
New research from Trend Micro highlights design flaws in legacy languages and releases new secure coding guidelines.

Engaging business units in security governance: Why everyone should be concerned
The idea that security is everyone’s business is a familiar refrain. But as enterprises look to combine the speed of software delivery with both cybersecurity and business value, they need to incorporate the idea that business is everyone’s business too.

A Silicon Valley business exec’s tips for maintaining organizational security
With black hat hackers becoming more sophisticated and leveraging the increase in remote working for malicious purposes, new strategies and an increased focus on security best practices are key to keeping a business secure. How can business leaders ensure security is prioritized across their organization?

How to implement expedited security strategies during a crisis
Cybersecurity analysts can confirm that to properly manage a remote digital workforce, an enterprise should focus its security measures on three key pillars.

How AI can alleviate data lifecycle risks and challenges
What are the most common data lifecycle challenges and risks businesses are facing today and how to overcome them?

How privacy can decrease safety
As a software company founder, Lisa Thee spent the majority of 2017 collecting feedback from teens, pediatricians, church leaders, and school administrators of the trends they are seeing in the United States related to sexting and sextortion.

New infosec products of the week: August 7, 2020
A rundown of infosec products released last week.

Week in review: BootHole, RCEs in industrial VPNs, the cybersecurity profession crisis

Here’s an overview of some of last week’s most interesting news, articles, interviews and reviews:

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by attackers in the wild.

Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more.

Twitter employees were spear-phished over the phone
Twitter has finally shared more details about how the perpetrators of the recent hijacking of high-profile accounts to push a Bitcoin scam managed to pull it off. Also, three alleged perpetrators have been identified.

Review: Cyber Warfare – Truth, Tactics, and Strategies
Many future battles will be fought with cyber weapons, narrowing the resources and capabilities gap that long existed between rich and poor nations. All of them can now effectively bring their enemy down.

Public cloud environments leave numerous paths open for exploitation
Cloud estates are being breached through their weakest links of neglected internet-facing workloads, widespread authentication issues, discoverable secrets and credentials, and misconfigured storage buckets.

62,000 QNAP NAS devices infected with persistent QSnatch malware
There are approximately 62,000 malware-infested QNAP NAS (Network Attached Storage) devices located across the globe spilling all the secrets they contain to unknown cyber actors, the US CISA and the UK NCSC have warned.

What are script-based attacks and what can be done to prevent them?
In today’s threat landscape, scripts provide initial access, enable evasion, and facilitate lateral movements post-infection.

How do I select an endpoint protection solution for my business?
To select an appropriate endpoint protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Lack of training, career development, and planning fuel the cybersecurity profession crisis
The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG.

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise.

Delivering and maintaining security at the speed of digital transformation
Dustin Rigg Hillard, CTO at eSentire, talks about modern digital threats, the challenges cybersecurity teams face, cloud-native security platforms, and more.

Security teams increasingly stressed due to lack of proper tools, executive support
93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps, according to LogRhythm.

How well do face recognition algorithms identify people wearing masks?
The answer, according to a preliminary study by the National Institute of Standards and Technology (NIST), is with great difficulty.

NIST selects algorithms to form a post-quantum cryptography standard
After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15.

It’s time to tap the next generation of cyber defenders
As college graduates of the Class of 2020 enter the workforce, we welcome a new generation of cyber professionals.

Attackers have created a specialized economy around email account takeover

Things to consider when selecting enterprise SSDs for critical workloads
We sat down with Scott Hamilton, Senior Director, Product Management, Data Center Systems at Western Digital, to learn more about SSDs and how they fit into current business environments and data centers.

Offensive Security acquires security training project VulnHub
Offensive Security has acquired open source security training resource hub VulnHub. The acquisition is part of OffSec’s ongoing mission to provide practical training content to aspiring cybersecurity professionals.

The distinction between human and bot behavior is becoming increasingly blurred
As consumers change their online habits, the distinction between human and bot behavior is becoming increasingly blurred, presenting cybersecurity teams with an even bigger challenge than before when it comes to differentiating humans from bots, and good bot behavior from bad.

What is privacy and why does it matter?
Privacy is a basic right and a necessary protection in the digital age to avoid victimization and manipulation.

DeimosC2: Open source tool to manage post-exploitation issues
TEAMARES launched DeimosC2, addressing the market need for a cross-compatible, open source Command and Control (C2) tool for managing compromised machines that includes mobile support.

Qualys unveils Multi-Vector EDR, a new approach to endpoint detection and response
Taking a new multi-vector approach to Endpoint Detection and Response (EDR), Qualys now brings the unifying power of its highly scalable cloud platform to EDR.

New infosec products of the week: July 31, 2020
A rundown of infosec products released last week.

Week in review: PoC for wormable SharePoint RCE released, how to select a DMARC solution

Here’s an overview of some of last week’s most interesting news and articles:

Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from one of their AWS S3 buckets.

Details and PoC for critical SharePoint RCE flaw released
A “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, an RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix.

REMnux toolkit for malware analysis version 7 released
REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly investigate suspicious programs, websites, and document files.

Cybersecurity teams are struggling with a lack of visibility into key security controls
89% of security professionals are most concerned about phishing, web and ransomware attacks. This is especially alarming, considering that only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a Balbix report reveals.

BadPower: Fast chargers can be modified to damage mobile devices
If you needed another reason not to use a charger made available at a coffeeshop or airport or by an acquaintance, here it is: maliciously modified fast chargers may damage your phone, tablet or laptop and set it on fire.

20,000+ new vulnerability reports predicted for 2020, shattering previous records
Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.

Infosec is a mindset as well as a job, but burnout can happen to anyone
Time and again (and again), survey results tell us that many cybersecurity professionals are close to burnout and are considering quitting their jobs or even leaving the cybersecurity industry entirely.

Microsoft releases new encryption, data security enterprise tools
Microsoft has released (in public preview) several new enterprise security offerings to help companies meet the challenges of remote work.

Ransomware recovery: Moving forward without backing up
For IT, the biggest concern with a remote workforce is the inability to control the network in a traditional sense. Perhaps their greatest fear is a ransomware attack on company data made possible by users connected through their VPN and attaching to file shares.

In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns
In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019, and more than 542% compared to the last quarter, as published in the Nexusguard Q1 2020 Threat Report. DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures.

IT teams failing to deliver a positive remote employee experience
1E unveils the findings of an analysis, conducted during the coronavirus pandemic, of the remote employee experience and the digital workplace in 2020.

How do cybercriminals secure cybercrime?
Trend Micro unveiled new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business.

How do I select a DMARC solution for my business?
To select a suitable DMARC solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

People work more while at home, but worry about data security
A global research report by Lenovo highlights the triumphs, challenges and the consequences of the sudden shift to work-from-home (WFH) during the COVID-19 pandemic and how companies and their IT departments can power the new era of working remotely that will follow.

Human error: Understand the mistakes that weaken cybersecurity
43% of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company, according to a Tessian report.

27% of consumers hit with pandemic-themed phishing scams
Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic.

Digital privacy: A double-edged sword
Digital privacy is paramount to the global community, but it must be balanced against the proliferation of digital-first crimes, including child sexual abuse, human trafficking, hate crimes, government suppression, and identity theft. The more the world connects with each other, the greater the tension between maintaining privacy and protecting those who could be victimized.

There’s CISSP training, then there’s official CISSP training
Put your trust in an (ISC)² Official Training Provider for your CISSP exam prep. (ISC)² partners with leading training providers throughout the world, so you have convenient access to official training that meets your needs.

Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications

Here’s an overview of some of last week’s most interesting news and articles:

New wave of attacks aiming to rope home routers into IoT botnets
Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets.

High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?
The Twittersphere went into overdrive as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.

Critical flaw gives attackers control of vulnerable SAP business applications
SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

Cyberwarfare: The changing role of force
Whether used as a force multiplier for disinformation operations, for stand-alone projections of power or carefully calibrated escalations of conflict, cyber weapon use is growing on the international stage.

How do I select a network detection and response solution for my business?
To select an appropriate network detection and response solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

How secure is your web browser?
NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, for phishing protection and malware protection.

Investigation highlights the dangers of using counterfeit Cisco switches
An investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.

340 GDPR fines for a total of €158,135,806 issued since May 2018
Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.

July 2020 Patch Tuesday: Microsoft plugs wormable Windows DNS Server RCE flaw
On this July 2020 Patch Tuesday, Microsoft has plugged 18 critical and 105 high-severity flaws, Adobe has delivered security updates for ColdFusion, Adobe Genuine Service, Adobe Download Manager, Adobe Media Encoder and Adobe Creative Cloud Desktop Application, and Oracle is set to deliver fixes for 433 vulnerabilities.

Security alerts more than doubled in the last 5 years, SecOps teams admit they can’t get to them all
Sumo Logic announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC).

Cisco patches critical flaws in VPN routers and firewalls
Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing.

2020: The year of increased attack sophistication
There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.

The crypto-agility mandate, and how to get there
To achieve long-term data protection in today’s fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are at risk.

Researchers extract personal data from video conference screenshots
Video conference users should not post screen images of Zoom and other video conference sessions on social media, according to Ben-Gurion University of the Negev researchers, who easily identified people from public screenshots of video meetings on Zoom, Microsoft Teams and Google Meet.

Is DNS a vital component of your security strategy?
Security and risk (S&R) teams often use DNS to detect and block threats early in the kill chain, identify compromised devices, and investigate and respond to malware, an Infoblox survey reveals.

A look at modern adversary behavior and the usage of open source tools in the enterprise
Leszek Miś is the founder of Defensive Security, a principal trainer and security researcher with over 15 years of experience. Next week, he’s running an amazing online training course – In & Out – Network Exfiltration and Post-Exploitation Techniques [RED Edition] at HITBSecConf 2020 Singapore, so it was the perfect time for an interview.

Email impersonations becoming pervasive, preying on a distracted and dispersed workforce
Impersonations have become pervasive, and are by far the most prevalent type of email-based attack ending up in businesses’ inboxes. This is according to a survey report by GreatHorn.

Ransomware, then and now: The change in data theft behavior
Every time ransomware moves out of the news cycle, someone will ask whether cybercriminals have moved on to other, perhaps more lucrative, activities. Unfortunately, not only is ransomware alive and well, but it’s also evolving.

HITB Lockdown: Hands-on technical trainings coming next week!
HITB Lockdown 002 will feature a number of hands-on technical trainings, taking place July 20-23, 2020.

Week in review: MongoDB attacks, hackers hitting F5 BIG-IP, Citrix devices, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Attackers are probing Citrix controllers and gateways through recently patched flaws
SANS ISC’s Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot (set up to flag CVE-2020-5902 exploitation attempts).

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all
Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks.

July 2020 Patch Tuesday forecast: Will the CVE trend continue?
Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates has been down; we haven’t seen Exchange or SQL Server updates in a while.

How do I select an application security testing solution for my business?
To select the perfect application security testing solution for your business, you need to think about an array of details. We’ve talked to several industry professionals to get insight to help you get started.

Researchers discover how to pinpoint the location of a malicious drone operator
Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone.

Exposing the privacy risks of home security cameras
An international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.

Zoom zero-day flaw allows code execution on victim’s Windows machine
A zero-day vulnerability in Zoom for Windows may be exploited by an attacker to execute arbitrary code on a victim’s computer. The attack doesn’t trigger a security warning and can be pulled off by getting the victim to perform a typical action such as opening a received document file.

MongoDB is subject to continual attacks when exposed to the internet
On average, an exposed Mongo database is breached within 13 hours of being connected to the internet.

Cybersecurity software sales and training in a no-touch world
The pandemic has led to an outbreak of cybercriminal activity focused on remote workers and enterprises that needed to quickly migrate to the cloud to maintain business continuity. More than 3,100 phishing and counterfeit websites were created each day in January. By March, that figure exceeded 8,300. Communication and collaboration phishing sites also grew by 50% from January to March.

Tech businesses must rethink their IT infrastructure
Working life has changed drastically in recent months. Speedy digital transformation has been critical for business continuity and has been driving growth even during these challenging times.

Review: Cybersecurity Threats, Malware Trends, and Strategies
If you’re looking for a book that’s easy to read but has a lot of useful information and may give you some new perspectives on cybersecurity, this is the right one for you.

Better cybersecurity hinges on understanding actual risks and addressing the right problems
SANS Technology Institute’s Internet Storm Center (ISC) has been a valuable warning service and source of critical cyber threat information to internet users, organizations and security practitioners for nearly two decades. Dr. Johannes Ullrich, the man whose site (DShield.org) became the basis of a SANS project (Incident.org) that later became the Internet Storm Center, has been leading the effort from the start.

Data exfiltration: The art of distancing
Since late 2019, an evolving tactic has emerged: criminals publicly demonstrate not only that they were inside a company’s network, but that their unfettered access allowed them to leave with (regulated) data, and then threaten to leak the sensitive content if the ransom isn’t paid. Indeed, such was the ferocity of the claims by victims that the tactic was perceived as a way to extort more money.

Magecart Group 8 skimmed card info from 570+ online shops
Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8) since April 1, 2017.

Three major gaps in the Cyberspace Solarium Commission’s report that need to be addressed
Released in March 2020, the Cyberspace Solarium Commission’s report urges the U.S. government and private sector to adopt a “new, strategic approach to cybersecurity,” namely layered cyber deterrence.

Business efficiency metrics are more important than detection metrics
With cyberattacks on the rise, today’s security professionals are relying primarily on detection metrics – both key performance indicators (KPIs) and key risk indicators (KRIs) – as the primary means to measure the success of their security programs. However, focusing on detection metrics alone is not enough to fully optimize organizational productivity and security over time.

USB storage devices: Convenient security nightmares
There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and loss all common occurrences.

Elasticsearch security: Understand your options and apply best practices
The ever-escalating popularity of Elasticsearch – the distributed open source search and log analytics engine that has become a staple in enterprise application developers’ tool belts – is well-warranted. Elasticsearch security lapses, however, have been a headline-grabbing thorn in the side of the technology.

An effective cloud security posture begins with these three steps
Public cloud adoption continues to surge, with roughly 83% of all enterprise workloads expected to be in the cloud by the end of the year. The added flexibility and lower costs of cloud computing make it a no-brainer for most organizations.

Week in review: MacOS ransomware, attackers bypassing WAFs, how to select a SIEM solution

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!
Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible.

Does analyzing employee emails run afoul of the GDPR?
A desire to remain compliant with the European Union’s General Data Protection Regulation (GDPR) and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. This is understandable, as GDPR non-compliance may lead to stiff penalties.

40% of security pros say half of cyberattacks bypass their WAF
There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF), Neustar reveals.

New technique keeps your online photos safe from facial recognition algorithms
Researchers have developed a technique that safeguards sensitive information in photos by making subtle changes that are almost imperceptible to humans but render selected features undetectable by known algorithms.

How do I select a SIEM solution for my business?
To select an appropriate SIEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals in order to get insight to help you get started.

New EvilQuest macOS ransomware is a smokescreen for other threats
A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.

Magento 1 reaches EOL: Merchants urged to upgrade or risk breaches, falling out of PCI DSS compliance
When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life (EOL) and end-of-support (EOS) on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1.

Ransomware attacks are increasing, do you have an emergency plan in place?
39% of organizations either have no ransomware emergency plan in place or are not aware if one exists. This is despite more ransomware attacks being recorded in the past 12 months than ever before, Ontrack reveals.

Microsoft fixes two RCE flaws affecting Windows 10 machines
Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.

Key cybersecurity industry challenges in the next five years
Pete Herzog, Managing Director at ISECOM, is so sure that artificial intelligence could be the biggest security problem to solve and the biggest answer to the privacy problem that he cofounded a company, Urvin.ai, with an eclectic group of coders and scientists to explore this.

Fake “DNS Update” emails targeting site owners and admins
Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain.

200% increase in invoice and payment fraud BEC attacks
There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. This sharp rise continues the trend.

Review: Qualys VMDR
It’s 2020 and the importance of vulnerability management should go without saying. In fact, knowing your assets and performing continuous vulnerability management are two of the Top 20 Critical Security Controls delineated by the Center for Internet Security (CIS).

Remote employees encounter 59 risky URLs per week
Working remotely from home has become a reality for millions of people around the world, putting pressure on IT and security teams to ensure that remote employees not only remain as productive as possible, but also that they keep themselves and corporate data as secure as possible.

Data security matters more than ever in the new normal
A boom in remote access goes hand-in-hand with an increased risk to sensitive information. Verizon reports that 30 percent of recent data breaches were a direct result of the move to web applications and services.

New vulnerabilities in open source packages down 20% compared to last year
New vulnerabilities in open source packages were down 20% compared to last year, suggesting the security of open source packages and containers is heading in a positive direction, according to Snyk.

New privacy-preserving SSO algorithm hides user info from third parties
Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that in principle prevents holistic information exchange.

Using confidential computing to protect Function-as-a-Service data
Organizations are embracing the power of Function-as-a-Service (FaaS). FaaS can be viewed as a very positive and beneficial result coming from years of data successfully migrating and operating in public clouds. AWS Lambda, Azure Functions and Google Cloud are today’s market leading platforms for enterprises to realize the power and benefits of FaaS.

How data science delivers value in a post-pandemic world
While the primary focus must be on preserving cash flow, what many companies don’t realize is the power evolving data science applications have on business continuity and growth during these uncertain times, and the importance of shifting data science roles in implementing effective solutions.