Week in review: Trojanized hacking tools, coronavirus scams, (IN)SECURE Magazine special issue
Here’s an overview of some of last week’s most interesting news, articles and podcasts:
The haphazard response to COVID-19 demonstrates the value of enterprise risk management
Just 12% of more than 1,500 respondents believe their businesses are highly prepared for the impact of coronavirus, while 26% believe that the virus will have little or no impact on their business, according to a survey by Gartner.
Coronavirus-themed scams and attacks intensify
With the Western world conducting a considerable chunk of its day-to-day life online, with the help of computers, mobile phones and email, they are open to a variety of coronavirus-related cyber scams and schemes.
Hackers are getting hacked via trojanized hacking tools
Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed.
Most computers easy to hack due to vulnerability in memory chips
Most computer systems are still very easy to hack, due to a vulnerability in memory chips produced by Samsung, Micron and Hynix, according to a study by researchers from VUSec of the Vrije Universiteit Amsterdam.
PPP Daemon flaw opens Linux distros, networking devices to takeover attacks
A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execution on – and takeover of – a targeted system.
(IN)SECURE Magazine: RSAC 2020 special issue released
RSA Conference, the world’s leading information security conference and exposition, concluded its 29th annual event in San Francisco.
Automate manual security, risk, and compliance processes in software development
In this podcast recorded at RSA Conference 2020, we’re joined by Ehsan Foroughi, Vice President of Products from Security Compass, an application security expert with 13+ years of management and technical experience in security research. He talks about a way of building software so that cybersecurity issues all but disappear, letting companies focus on what they do best.
Microsoft releases patch for leaked SMBv3 RCE flaw
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on March 2020 Patch Tuesday, Microsoft has rushed to release a patch (i.e., security updates).
Cybercriminals leveraging coronavirus outbreak to execute ransomware attacks
Cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses, according to RiskIQ.
Scientists expose another security flaw in Intel processors
Computer scientists at KU Leuven have once again exposed a security flaw in Intel processors. Jo Van Bulck, Frank Piessens, and their colleagues in Austria, the United States, and Australia gave the manufacturer one year’s time to fix the problem.
Hackers are compromising vulnerable ManageEngine Desktop Central instances
Is your organization using ManageEngine Desktop Central? If the answer is yes, make sure you’ve upgraded to version 10.0.474 or risk falling prey to attackers who are actively exploiting a recently disclosed RCE flaw (CVE-2020-10189) in its software.
Europe’s Gaia-X cloud service faces a difficult future
The European Commission, France, Germany and hundreds of companies have announced their own cloud initiative – Gaia-X. Gaia-X will ostensibly help European providers not only compete with the US and Chinese tech giants, but also ensure they have more control over their own data.
Maximizing customer engagement when fraud prevention is top of mind
With the number of data records breached in 2019 surpassing four billion, fraud prevention and regulatory compliance are, inevitably, top priorities for financial institutions (FIs).
Applying the 80/20 rule to cloud security
The 80/20 rule, which was first introduced as Pareto’s principle in 1941 by American engineer Joseph Juran, suggests that 20 percent of your activities (in life, business, athletics, etc.) will account for 80 percent of your results. Simply put: work smarter, not harder.
What is open threat intelligence and what is driving it?
In this podcast recorded at RSA Conference 2020, Todd Weller, Chief Strategy Officer at Bandura Cyber, discusses the modern threat intelligence landscape and the company’s platform.
Passwords still dominant authentication method, top cause of data breaches
Passwords remain the dominant method of authentication and top cause of data breaches, according to MobileIron. A new report also highlighted the importance of a zero trust security strategy that provides context-aware, conditional access to a device or user.
Why a risk-based approach to application security can bolster your defenses
Like it or not, cybercrime is big business these days. A casual glance at the news at any given time will typically reveal several new breaches, usually involving eye-watering amounts of personal or sensitive information stolen. As such, any executive board worth its salt should have long realized the importance of robust cyber defenses.
DNS over HTTPS misuse or abuse: How to stay secure
In this podcast recorded at RSA Conference 2020, Srikrupa Srivatsan, Director of Product Marketing at Infoblox, talks about these trends and what you can do to safeguard your enterprise environment.
Coronavirus as an opportunity to evolve security architecture
Fear of coronavirus infections has resulted in organizations ruling out large meetings. Healthy individuals are in home-quarantine for weeks at a time, even though they are not necessarily thought to carry the virus. This large number of individuals complying with house arrest is putting a strain on many organizations that have not shifted their working styles to accommodate large-scale remote workers.
Excel template: Plan and monitor your security spending
The Ultimate Security Budget Plan & Track template is an Excel spreadsheet that comes pre-packaged with the required formulas to continuously measure, on a monthly basis, the planned and actual security investments, providing immediate visibility into any mismatch between the two. In addition, for each month there is a summary, displaying the percentage of how much of the overall annual budget has been already consumed.
eBook: Automating Incident Response
This 17-page e-book examines the increasing pressures faced by cybersecurity teams, risks of ineffective alert triage and new automation capabilities that dramatically improve the efficiency of security operations.