Week in review: Confidential computing, data protection predictions, Sandworm hackers charged

Here’s an overview of some of last week’s most interesting news, reviews and articles:

What is confidential computing? How can you use it?
What is confidential computing? Can it strengthen enterprise security? Nelly Porter, Senior Product Manager, Google Cloud and Sam Lugani, Lead Security PMM, Google Workspace & GCP, answer these and other questions in this Help Net Security interview.

Cybersecurity is failing due to ineffective technology
Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, the research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.

Safari, other mobile browsers affected by address bar spoofing flaws
Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites.

Review: Netsparker Enterprise web application scanner
We reviewed Netsparker Enterprise, which is one of the industry’s top choices for web application vulnerability scanning.

Is poor cyber hygiene crippling your security program?
Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks.

US charges Sandworm hackers who mounted NotPetya, other high-profile attacks
The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate (GRU), the US Department of Justice (DoJ) claimed as it unsealed an indictment against six hackers and alleged members on Monday.

Cybercrime capitalizing on the convergence of COVID-19 and 2020 election
The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election, resulting in a surge of cybercrime, VMware research reveals.

25 vulnerabilities exploited by Chinese state-sponsored hackers
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks.

Can we trust passwordless authentication?
We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our actions be?

Data protection predictions for 2021
2020 presented us with many surprises, but the world of data privacy somewhat bucked the trend. Many industry verticals suffered losses, uncertainty and closures, but the protection of individuals and their information continued to truck on.

Critical infrastructure and industrial orgs can test Azure Defender for IoT for free
Azure Defender for IoT – Microsoft’s new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities – is now in public preview and can be put to the test free of charge.

SecOps teams turn to next-gen automation tools to address security gaps
SOCs across the globe are most concerned with advanced threat detection and are increasingly looking to next-gen automation tools like AI and ML technologies to proactively safeguard the enterprise, Micro Focus reveals.

Preventing cybersecurity’s perfect storm
Zerologon might have been cybersecurity’s perfect storm: that moment when multiple conditions collide to create a devastating disaster. Thanks to Secura and Microsoft’s rapid response, it wasn’t.

Most cybersecurity pros believe automation will make their jobs easier
Despite 88% of cybersecurity professionals believing automation will make their jobs easier, younger staffers are more concerned than their veteran counterparts that the technology will replace their roles, according to research by Exabeam.

Moving to the cloud with a security-first, zero trust approach
Many companies tend to jump into the cloud before thinking about security. They may think they’ve thought about security, but when moving to the cloud, the whole concept of security changes. The security model must transform as well.

5 tips to reduce the risk of email impersonation attacks
Email attacks have moved past standard phishing and become more targeted over the years. In this article, I will focus on email impersonation attacks, outline why they are dangerous, and provide some tips to help individuals and organizations reduce their risk exposure to impersonation attacks.

Webinar: How to think about cybersecurity the way executives think about business
It’s time to change the way we think about cybersecurity and risk management. Cybersecurity is no longer an IT problem to solve or a “necessary evil” to cost manage. Rather, cybersecurity has rapidly stormed the boardroom as a result of high-profile and costly data breaches.

Save 40% on CISSP or CCSP training until November 30
To help you stay committed to your certification, through November 30, (ISC)² is offering a 40% discount off Official CISSP and CCSP Online Instructor-Led Trainings when you bundle with an exam voucher. Training seats are limited, so secure your spot today!

New infosec products of the week: October 23, 2020
A rundown of the most important infosec products released last week.
