Week in review: API security, malware-less email attacks, reversing the cybersecurity skills shortage

Here’s an overview of some of last week’s most interesting news and articles:

What can we do to reverse the cybersecurity skills shortage?
Having a strong pipeline of talent coming through is vital to help organizations and individuals protect themselves. How do you feed that pipeline, though?

Verizon details breaches they were called in to investigate
Last year, Verizon Enterprise Solutions released a Data Breach Digest that gathered 16 cybercrime case studies. This year, each of the 18 case studies has been released separately.

Banking Trojan attacks increase, large scale Ramnit campaign impacts organizations worldwide
Ramnit has doubled its global impact over the past few months, driven by a large scale campaign that has been converting victim’s machines into malicious proxy servers.

APIs: The Trojan horses of security
At the moment, within the cybersecurity industry the emphasis tends to be on securing networks with perimeter-based protection, however, leaving an application endpoint unsecured means an application programming interface (API) can serve as a gateway to the data centre by which attackers can effectively attack the backend via bots, and compromised or impersonating applications. With banks having to share their APIs due to recent PSD2 regulations, keeping applications and APIs secure is more important than ever.

Tech support scammers leverage “evil cursor” technique to “lock” Chrome
Tech scammers are constantly coming up with new techniques to make users panic and seek their bogus services. The latest one, documented by Malwarebytes researchers, has been dubbed “evil cursor”.

Analysis of half-a-billion emails reveals malware-less email attacks are on the rise
FireEye analyzed over half-a-billion emails from 1H 2018, and found that 32% of email traffic seen in the first half of 2018 was considered ‘clean’ and actually delivered to an inbox. Their report also found that 1 in every 101 emails had malicious intent.

Many adults want to reskill for cybersecurity careers
A new survey from Champlain College Online shows that not only are the majority of Americans concerned about cybersecurity threats, but many are willing to consider returning to college to pursue a cybersecurity education.

Hackers wage a new Cold War
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.

Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes
A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection.

Cybersecurity as catalyst for greater adoption of agile development
Agile security makes it possible to achieve both engineering speed/responsiveness and good security.

A case for more accessible cybersecurity
If you’re a part of the infosec community, you’re likely all too familiar with the frantic calls, text messages and emails we receive from our friends and family about how they’ve been ‘hacked’ and asking what they should do about it.

Mobile fraud is increasing, attack rates rising 24% year-over-year
ThreatMetrix released new cybercrime insights from the first half of 2018, revealing a sharp rise in fraud attack levels on mobile transactions. As consumer behavior increasingly embraces mobile for virtually all online goods and services, fraudsters are starting to close the gap on this channel.

A closer look at the IT/OT landscape for infosec professionals
In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about industrial control system security.

Phished credentials caused twice as many breaches than malware in the past year
Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals.

September 2018 Patch Tuesday: Microsoft fixes actively exploited zero-day
Microsoft’s September 2018 Patch Tuesday has brought fixes for a little over 60 security vulnerabilities, 17 of which are critical and one is being actively exploited in the wild.

Password inadequacy remains a top threat
New research from the WatchGuard Threat Lab revealed that 50 percent of government and military employee LinkedIn passwords were weak enough to be cracked in less than two days.

British Airways breach was effected by Magecart attackers
The British Airways breach was the work of a well-known criminal group dubbed Magecart, which managed to put payment card skimming code on the company’s website, says RiskIQ researcher Yonathan Klijnsma.

New infosec products of the week​: September 14, 2018
A rundown of infosec products released last week.




Share this