Week in review: Vaporworms, 8 months of GDPR, penetration testing effectiveness

Here’s an overview of some of last week’s most interesting news and articles:

Why vaporworms might be the scourge of 2019
Not too long ago, the WatchGuard Threat Lab predicted the emergence of vaporworms as a major new cyber threat that will affect organizations of all sizes in 2019. We coined the term to describe a new breed of fileless malware with self-propagating, wormlike properties. At the time of the initial prediction, our team was fairly sure this idea was more than conjecture, but now the advent of the vaporworm in 2019 seems to be an abject certainty.

Apple fixes FaceTime eavesdropping bug, two iOS zero-days
Apple has pushed out critical security updates for iOS and macOS, which fix the “Facepalm” FaceTime eavesdropping bug but also two zero-day flaws that, according to Google researchers, have been exploited in the wild.

How today’s workforce stays secure and what apps it prefers
User-focused security apps KnowBe4, LastPass, and Proofpoint dominate the list of fastest growing apps within enterprises, according to Okta.

Lookalike domains: Artificial intelligence may come to the rescue
How can enterprises and users defend themselves from the threats caused by lookalike domains?

70 real-life hackers and cybersecurity practitioners share their personal insights
Marcus J. Carey and Jennifer Jin have the ear of some of the biggest names in the field and have generously decided to share that access. Their book Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is a compilation of answers seventy cybersecurity luminaries have given to questions most of us always wanted to ask.

8 months of GDPR: 59,000+ reported breaches, 91 fines
A little over eight months have passed since the EU General Data Protection Regulation (GDPR) became enforceable, but it’s becoming clear that sweeping data breaches under the carpet has become a very high-risk strategy.

Four differences between the GDPR and the CCPA
Although the California Consumer Privacy Act appears to be like the General Data Protection Regulation, there are four main differences between the two laws.

5 reasons why asset management is a hot topic in 2019
Sometimes buzzwords are good predictors of what organizations see as priorities in a given year. If you surveyed both the revenue-generating and security functions of enterprises in 2019, you would hear two terms often repeated: digital transformation and zero trust.

CISOs: Change your mindset or lose your job
Whilst CISOs are now involved in 90% of significant business decisions, the research found that just 25% of business executives perceive CISOs as proactively enabling digital transformation – which is a key goal for 89% of organizations.

What do successful pentesting attacks have in common?
In external penetration testing undertaken for corporate clients in industrial, financial, and transport verticals in 2018, Positive Technologies found that, at the vast majority of companies, there were multiple vectors by which an attacker could reach the internal network.

AI won’t solve all of our cybersecurity problems
AI is already supporting businesses with tasks ranging from determining marketing strategies, to driverless cars, to providing personalized film and music recommendations. Can businesses expect AI adoption to effectively protect them from cyber threats?

RSA Conference 2019 USA: What you can expect at this year’s event
Britta Glade, Director of Content and Curation for RSA Conference, tells us about this year’s event.

eBook: The DevOps Roadmap for Security
Download this eBook (registration required) to learn how to extend the benefits of DevOps to security and how to embrace and implement modern DevSecOps principles, practices, and tooling.

DevOps and DevSecOps developments to watch in 2019
James Wickett, Head of Research at Signal Sciences, offers predictions about DevOps and DevSecOps for 2019.

The problem with vulnerable IoT companion apps
A group of researchers from Brazil’s Federal University of Pernambuco and the University of Michigan have analyzed 32 unique companion Android apps for 96 WiFi and Bluetooth-enabled devices popular on Amazon.

Evaluating the biggest cyber threats to the electric power sector
A new Deloitte Global report, “Managing cyber risk in the electric power sector,” evaluates the biggest cyberthreats to the electric power sector and suggests how companies can manage these risks.

Email authentication use growing steadily in every industry sector
U.S. federal government agencies and many major enterprises have made significant strides to thwart the spread of fake emails, a major cybersecurity attack vector. But many organizations remain susceptible because they’re still not using readily available open standards-based technologies that prevent these fakes from reaching end-user inboxes.

New infosec products of the week: February 8, 2019
A rundown of infosec products released last week.
