Week in review: DNS interception, critical Apache Struts flaw, cybersecurity career pathing

Here’s an overview of some of last week’s most interesting news and articles:

The importance of career pathing in the cybersecurity industry
A major issue facing our industry right now is a significant shortage of talented, skilled cybersecurity professionals. Whether that’s due to lack of interest or a fundamental misunderstanding of how to gain a foothold in information security, it’s a problem that industry professionals around the globe are working to address.

Critical Apache Struts flaw opens enterprises to compromise, patch ASAP!
A critical remote code execution vulnerability (CVE-2018-11776) in Apache Struts, the popular open source framework for developing Java-based web apps, could allow remote attackers to run malicious code on the affected servers.

Who owns application security?
In July 2018, F5 released its first annual Application Protection Report. A key question asked for respondents to name their organization’s primary owner of application risk. In theory, one would hope that the CISO was the number one answer by far. In reality, the CISO came in fifth place.

Data from 316 million real-world attacks in AWS and Azure environments
In evaluating 316 million incidents, tCell found it clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business.

Who’s trying to eavesdrop on your customers’ encrypted mobile traffic?
The number one source of TLS/SSL Man in the Middle (MitM) attacks on encrypted mobile traffic is not corporate firewalls or captive portals used by hotels, airports and other organizations offering free Wi-Fi access – it’s spyware.

How often are users’ DNS queries intercepted?
A group of Chinese researchers has devised new approaches to detect DNS interception and has leveraged 148,478 residential and cellular IP addresses around the world for analysis.

Secure your open source components automatically, continuously, and silently
In this podcast recorded at Black Hat USA 2018, Azi Cohen, General Manager at WhiteSource, talks about open source lifecycle management.

Hacking smart plugs to enter business networks
McAfee researchers have discovered a buffer overflow flaw in Belkin’s Wemo Insight Smart Plug that can be exploited by attackers to access and interfere with other networked devices and the network itself.

The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? Can users remediate a takeover of that account and other accounts tied to it?

IoT security: The work on raising the bar continues
One of the main goals of Chief Information Security Officers should be to help the organization succeed, and they are unlikely to do that by denying their organization the ability to take advantage of new technologies.

6.4 billion fake emails sent every day
The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day.

Why do enterprises take a long time to install vital security updates?
More than a quarter (27%) of enterprise IT departments in the US are forced to wait at least a month before installing vital security updates, due to budgetary restraints and overly complex infrastructures.

How to develop the right strategy to increase IoT security
In this podcast recorded at Black Hat USA 2018, Mark Hearn, Strategic Business Development Manager, IoT Security at Irdeto, talks about how IoT connectivity opens you up to new cybersecurity risks, and offers insight on how to protect IoT platforms.

Researchers reveal new online user tracking techniques
Researchers have identified a number of online user tracking techniques that can’t be blocked by browsers’ built-in anti-tracking defenses and existing anti-tracking and ad-blocking extensions.

Smart homes can be easily hacked via unsecured MQTT servers
The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers.

Don’t sleep on laptop security, safeguard your data
For many of us, shutting our laptops after a tough day in the office is a satisfying feeling that signals the end of work until tomorrow. But what we don’t realise is that simply shutting the lid and putting the laptop into sleep mode can leave it much more vulnerable to cyber-attacks than we might think.

New infosec products of the week: August 24, 2018
A rundown of infosec products released last week.
