Week in review: Critical Exim flaw, weaponized cars, June Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

Apple debuts privacy-minded “Sign in with Apple” SSO
Apple’s new single sign-on (SSO) authentication mechanism is similar to the one provided by Facebook, Google, LinkedIn, Twitter, and others, in that it will allow users to sign in to apps and websites without creating a new account. But there are important differences, mainly focused on assuring users’ privacy.

June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets
The first months of 2019 have seen a record number of vulnerabilities reported and the latest, BlueKeep associated with CVE-2019-0708, has set the forums and security advisory lists on fire.

Embrace chaos to improve cloud infrastructure resilience
Netflix is one of a growing number of companies including Nike, Amazon and Microsoft that leverage chaos engineering as a means of stress testing their cloud infrastructures against a variety of unpredictable cloud events, such as a loss of cloud resources or entire regions.

How likely are weaponized cars?
It is easy to become absorbed by the exaggerated Hollywood depictions of car hacking scenarios – to imagine a not-so-distant future when cars or their supporting infrastructures are hacked by criminals or terrorists and turned into lethal weapons. There are reasons why such a scenario has not happened yet. But could it? And if so, how can we prevent it?

Hack The Sea: Bridging the gap between hackers and the maritime sector
At this year’s DEF CON conference in Las Vegas, a maritime hacking village will bring together individuals and organizations from the hacking community and the maritime sector.

Critical Exim flaw exploitable locally and remotely, patch ASAP!
A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the “root” user.

Criminals are selling hacking services targeting world’s biggest companies
A new study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government.

Global communications service providers struggling to fend off growing number of DDoS attacks
A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection.

Why zero trust is crucial to compliance
In a zero trust paradigm, permissions alone do not confer or equate to trust.

Trust nothing: A life in infosec is a life of suspicion
Amit Serper has been a security researcher for the past 15 years. The main lesson he learned throughout all those years is that, in the infosecurity field, one must always doubt everything.

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT
Field-programmable gate arrays (FPGAs) are, so to speak, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often rely on FPGAs. To date, the use of such services has been considered relatively secure.

Growing reliance on open source libraries leaves many companies vulnerable
Cybercriminals use trust attacks to maliciously manipulate and insert code into open source libraries (OSLs), taking advantage of organizations’ dependence on them. Unsuspecting developers and site managers actively introduce malware into their own software and websites when they use a compromised OSL.

2018 in numbers: Data breaches cost $654 billion, expose 2.8 billion data records in the U.S.
According to the research, personally identifiable information (PII) was the most targeted data for breaches in 2018, comprising 97% of all breaches.

Is your private equity firm exposed to these hidden IT risks?
These five technology-related risks can put a private equity firm in a precarious position when it comes to realizing a deal thesis or accurately assessing a portfolio company’s return on investment.

Advancing transparency and accountability in the cybersecurity industry
NSS Labs, the Texas-based company that specializes in testing the world’s security products, has a new CEO. Jason Brvenik, the company’s CTO since early 2017, took over the role from Vikram Phatak, the company’s founder.

Industrial cybersecurity strategies need a radical rethink and should be built from the ground up
The paradigm shift brought forth by Industry 4.0 and the Industrial Internet of Things (IIoT) is significantly enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals including manufacturing, oil and gas, critical infrastructure, and nuclear power. It has also opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide.

Photos: Infosecurity Europe 2019 expo floor
Infosecurity Europe 2019 took place last week in London.

How privileged insiders threaten the security of global organizations
A new global survey from BeyondTrust explores the visibility, control, and management that IT organizations in the U.S., APAC, Europe and the Middle East have over employees, contractors, and third-party vendors with privileged access to their IT networks.

Unclassified data creates security blind spots for most companies
Global businesses continue to house ‘dark data’ within their organizations, creating a honeypot for cybercriminals.

Nearly 12 million Quest Diagnostics patients affected by data breach
Quest Diagnostics, a US-based company that offers medical testing services, has announced that a third-party billing collections company they use has been hit by a data breach, affecting 11.9 million of Quest’s customers.

How organizations are managing vulnerability risks
Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched vulnerabilities, with an even higher rate in Europe (34 percent).

An intelligence-driven approach to cyber threats
What security professionals suffering from alert fatigue need is threat intelligence that has already been vetted and contextualized by human beings.
