Week in review: Norsk Hydro cyber attack, Android privacy, exploiting IMAP to bypass MFA

Here’s an overview of some of last week’s most interesting news and articles:

Norsk Hydro cyber attack: What happened?
“Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. The company continued to keep the public apprised of the evolving situation.

Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts
Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. Unfortunately, that security measure does not stop some attackers who engage in password-spraying attacks.

(IN)SECURE Magazine: RSAC 2019 special issue released
RSA Conference, the world’s leading information security conferences and expositions, concluded its 28th annual event in San Francisco.
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Featured in this issue are the most important news and companies from RSA Conference 2019.

CEOs more likely to receive pay rise after a cyber attack. Wait, what?
Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, a study has found.

Meet the new generation of white hats
As software vendors become more security-conscious, they are more willing to pay white hats to report vulnerabilities to them before they can be uncovered and exploited by hackers.

Latest tactics used by cybercriminals to bypass traditional email security
Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts.

How the Google and Facebook outages could impact application security
With major outages impacting Gmail, YouTube, Facebook and Instagram recently, consumers are right to be concerned over the security of their private data. While details of these outages haven’t yet been published, the implications of these outages are something we should be looking closely at.

The modern threat landscape and expanding CISO challenges
Prior to starting Signal Sciences, its founders were running security at Etsy, and growing frustrated with existing legacy technology. So they built their own. For this interview with Andrew Peterson, CEO at Signal Sciences, we dig deep into hot topics such as modern CISO challenges and application security visibility.

Cryptojacking of businesses’ cloud resources still going strong
While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat.

Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites
The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year.

Latest trends in automated threat intelligence-driven network security
Since the earliest days of the Internet both network threats and network defenses have been evolving. In this Help Net Security podcast recorded at RSA Conference 2019, Todd Weller, Chief Strategy Officer at Bandura Cyber, talks about the latest trends in automated threat intelligence-driven network security.

2019 may be a record year for enterprise breaches, but secure collaboration tools could help
Despite business executives agreeing that cybersecurity is a major challenge, businesses globally are severely unprepared for cyberattacks.

The privacy risks of pre-installed software on Android devices
Many pre-installed apps facilitate access to privileged data and resources, without the average user being aware of their presence or being able to uninstall them.

Current phishing defense strategies and execution are not hitting the mark
There is still a divide when it comes to organizations employing awareness activities such as email newsletters and online and in-person training, when compared to assessments of what employees have learned, through simulations and other knowledge-based tools.

You may trust your users, but can you trust their files?
In this Help Net Security podcast recorded at RSA Conference 2019, Aviv Grafi, CEO at Votiro, talks about their Content Disarm and Reconstruction (CDR) technology for protection against cyber threats.

Four key security tips when using any collaboration technology
With database breaches and ransomware attacks making daily news, security is now a top priority for companies, and collaboration solutions are no exception.

Nearly half of organizations lack the necessary talent to maintain security measures
Regardless of their size, organizations share a common challenge: IT security teams are understaffed and overextended.

The art of securing ERP applications: Protecting your critical business processes
In this Help Net Security podcast recorded at RSA Conference 2019, Juan Pablo Perez-Etchegoyen, CTO at Onapsis, talks about the challenges of securing and monitoring ERP applications for vulnerabilities and compliance gaps across cloud and on-premise deployments.

Security fatigue leads many to distrust personal data protection, can you blame them?
20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data. As a result, some people feel they need to take matters into their own hands or at least work with organizations that give them a greater sense of control.

Android Q will come with improved privacy protections
Android Q, the newest iteration of Google’s popular mobile OS, is scheduled to be made available to end users at the end of August.

Cyber preparedness essential to protect EU from large scale cyber attacks
To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union.

Breaking the cybersecurity stalemate by investing in people
For businesses, it’s a continuation of the same frustrating stalemate – plenty of cybersecurity pains and no gains. Making matters worse, industry-watchers expect unfilled security positions to reach nearly 4 million in just a few years. The problem is, many leaders are not recognizing the value of training, and how the cost-effective investments they make in this realm could make a real difference – now and into the future.
