Week in review: BlueKeep vulnerability, preventing Google account takeovers

Here’s an overview of some of last week’s most interesting news and articles:

Data privacy: A hot-button issue for Americans one year after GDPR
In recognition of GDPR’s first anniversary, nCipher Security conducted a survey to gauge American awareness of and sentiment about data privacy and security laws and issues.

If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
If you’re wondering just how critical this vulnerability is, Microsoft’s reaction is a good indication: the company issued fixes for it not just for the supported Windows versions (Windows 7, Windows Server 2008 R2, Windows Server) but also for Windows XP, Windows Vista and Windows Server 2003, which are still widely used but no longer receive mainstream support.

Solving the network visibility problem with NaaS
The most common network visibility challenges today are due to the sheer number of different networks and endpoints utilized by today’s distributed workforce. On top of that, another big challenge is to analyze if an incident is real/false/false-positive and decide what action take.

Ransomware and malware attacks decline, attackers adopting covert tactics
There has been a major decline in ransomware and malware attacks, with Ireland having some of the lowest rates globally, according to the latest report released by Microsoft.

Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS
Historically, security teams and tools have used IP addresses to define their targets and scopes. But in a world where applications and networks are increasingly cloud-hosted or integrated with third-party services, IP addresses alone aren’t enough to ensure coverage.

Most security pros have considered quitting due to a lack of resources
Companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason, Censornet research reveals.

Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new software or configuration changes.

How to write an effective data breach notification?
Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found.

Getting ready for digital transformation: The biggest cybersecurity challenges
DX efforts come with many challenges that need to be effectively addressed so as not to hamper the success of companies’ digital transformation program and strategies.

Microsoft updates break AV software, again!
Microsoft’s May 2019 security fixes have again disrupted the normal functioning of some endpoint security products on certain Windows versions.

US charges Assange with 17 counts under Espionage Act
The US Department of Justice has hit WikiLeaks founder Julian Assange with 17 charges related to illegally obtaining, receiving and disclosing classified information related to the national defense. He is charged with violating the Espionage Act.

How effective are login challenges at preventing Google account takeovers?
Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains.

Five ways automating IAM saves you money
Identity is the foundation of security, so a robust automated identity and access management (IAM) system is by far the best way to keep your company’s information safe. It’s also a great way to increase efficiency and save money.

High-risk behaviors expose most travelers to cyber risks
Attacks in the travel and transportation industry are becoming more frequent, opening already unwary travelers to cybersecurity threats during their journeys.

Cybercriminals continue to evolve the sophistication of their attack methods
Cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximize their opportunities, according to the Fortinet latest report.

On the path to Zero Trust security: Time to get started
No need to belabour the point. We all know that trying to defend the network perimeter is a bit futile in today’s mobile and cloud first world. So, the obvious question – what’s next?

How small businesses can keep their data secure
If you know how to use the resources that you do have, you can easily secure your data without breaking the bank.

The security challenges of managing complex cloud environments
Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios.

How mainstream media coverage affects vulnerability management
For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities.

Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks
Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to the APWG Q1 2019 Phishing Activity Trends Report.

New infosec products of the week: May 24, 2019
A rundown of infosec products released last week.

More about

Don't miss