Week in review: Employee cybersecurity essentials, ASUS attack, lessons learned from crypto hacks
Here’s an overview of some of last week’s most interesting news and articles:
Attackers compromised ASUS to deliver backdoored software updates
Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of customers. A few days after the revelation (by Kaspersky Lab researchers) ASUS confirmed the compromise and released a clean version of Live Update software.
Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports
In 2018, SonicWall recorded the decline of cryptojacking, but more ransomware, highly targeted phishing, web application attacks and encrypted attacks.
Employee cybersecurity essentials part 1: Passwords and phishing
Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn’t mean you’re not at risk for a breach, or that – as an employee, that you’re not putting your company at risk.
What worries you the most when responding to a cybersecurity incident?
The clock starts ticking immediately following a cybersecurity incident with the first 24 hours vital in terms of incident response.
Lessons learned from the many crypto hacks
The one poignant lesson that crypto investors globally have learned over the years is that despite the immutable, impenetrable nature of the technology behind cryptocurrencies and blockchain, their crypto investments and transactions are not secure.
Apple fixed some interesting bugs in iOS and macOS
In addition to announcing a number of new products and subscription services, Apple has released security updates for iOS, macOS, Safari, tvOS, iTunes, iCloud, and Xcode.
61% of CIOs believe employees leak data maliciously
There is a perception gap between IT leaders and employees over the likelihood of insider breaches. It is a major challenge for businesses: insider data breaches are viewed as frequent and damaging occurrences, of concern to 95% of IT leaders, yet the vectors for those breaches – employees – are either unaware of, or unwilling to admit, their responsibility.
Identify web application vulnerabilities and prioritize fixes with Netsparker
In this Help Net Security podcast, Ferruh Mavituna, CEO at Netsparker, talks about web application security and how Netsparker is helping businesses of any size keep their web applications secure.
When it comes to file sharing, the cloud has very few downsides
Organizations storing data and documents they work on in the cloud is a regular occurrence these days. The cloud offers scalability in terms of storage and cloud services often provide helpful folder- and file-sharing capabilities and content control measures.
Consumers willing to dump apps that collect private data, but can’t tell which are doing so
Two in three consumers are willing to dump data-collecting apps if the information collected is unrelated to the app’s function, or unless they receive real value – such as that derived through email or browsers.
How to build an effective vulnerability management program
The concept of vulnerability management has undergone a number of changes in the last few years. It is no longer simply a synonym for vulnerability assessment, but has grown to include vulnerability prioritization, remediation and reporting.
Weighing the options: The role of cyber insurance in ransomware attacks
When companies become victims of a ransomware event, it may be tempting for them to simply pay the ransom and move on. But for organizations who hold a cyber insurance policy, other factors must be analyzed to determine what comes next.
Cybercriminals are increasingly using encryption to conceal and launch attacks
In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses on SSL/TLS based threats.
The ransomware attack cost Norsk Hydro $40 million so far
A little over a week after the beginning of the ransomware attack targeting Norsk Hydro, the company has estimated that the costs it incurred because of it have reached 300-350 million Norwegian crowns ($35-41 million).
Cisco botched patches for its RV320/RV325 routers
Cisco RV320 and RV325 WAN VPN routers are still vulnerable to attack through two flaws that Cisco had supposedly patched.
Serverless, shadow APIs and Denial of Wallet attacks
In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise security leaders are having to tackle.
2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise
Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack, according to WatchGuard Technologies latest Internet Security Report for the last quarter of 2018.
Secure workloads without slowing down your DevOps flows
In this Help Net Security podcast recorded at RSA Conference 2019, David Meltzer, CTO at Tripwire, and Lamar Bailey, Senior Director of Security Research at Tripwire, discuss the challenges of securing DevOps.
Third-party cyber risk management is a burden on human and financial resources
Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective.
Build-time security: Block risk and security issues from production rings
Build-time security has become a standard part of any security program and continues to grow in popularity with the shift left movement. In its most popular form, it’s a series of checks that take place as code makes its way from a developer’s laptop into production to ensure that the code is free from known vulnerabilities.
New infosec products of the week: March 29, 2019
A rundown of infosec products released last week.