Week in review: New Nmap, lateral phishing tactics, Kubernetes security matures

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Critical Bluetooth flaw opens millions of devices to eavesdropping attacks
A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices.

Pitfalls to avoid when improving your software development skills
The dizzying pace of technological change makes knowledge acquisition and skill development a very big deal in the IT and IT security industry. Luckily, the opportunities for both are myriad, but how to pick the right ones for you?

Optimizing the patch management process
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process.

Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Kubernetes security matures: Inside the project’s first audit
Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent, and repeatable manner, while also paving the way for future Kubernetes security reviews and research. It included members from Google, Red Hat, Salesforce, InGuardians, and input from the broader security community.

A compendium of container escapes
In this Help Net Security podcast recorded at Black Hat USA 2019, Brandon Edwards, Chief Scientist at Capsule8, talks about about a compendium of container escapes, and the RunC vulnerability in particular.

Moving away from spreadsheets: How to automate your third-party risk management process
Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. If I’m going to call something dumb, I’d better have some logic to back it up. Good thing. I do.

Link between personality type and vulnerabilities to cybercrime
Only four in 10 (42%) businesses focus on compliance training as part of their cybersecurity protocol to ensure sensitive data is kept secure, reports ESET.

Make sure you keep an eye on your APIs
Application programming interfaces have always been important gateways to our applications, but in recent years, they’ve silently become both more prevalent and more central to app functionality. APIs are everywhere and inside of everything we’re using now.

The changing face of DDoS attacks: Degraded performance instead of total takedown
The number of DDoS attacks might be getting higher, but they are not all massive nor do they always trigger DDoS defenses. In fact, small-scale DDoS attacks are becoming more frequent and sophisticated, according to new research from Neustar’s SOC.

SOC-as-a-Service promises threat protection in a world of scarce resources
Despite more than a few decades’ worth of technological advancement and millions of dollars’ worth of research, cyber threats continue to flourish. The situation has been wreaking havoc—and creating financial nightmares—in virtually every industry around the world. In fact, the average cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average —according to Ponemon. And if your company is like most of the ones I know, you’ve got far better things to do with that kind of money.

Researchers reveal the latest lateral phishing tactics
Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 lateral phishing incidents and have identified the patterns organizations and individuals should be aware of.

August 2019 Patch Tuesday: Microsoft plugs critical wormable RDP holes
It’s that time of the month again: Microsoft, Adobe and Intel have pushed out fixes for a bucketload of security issues in their various software.

Protecting your organization against privileged identity theft
What do the top data breaches of the 21st century have in common? Privileged identity abuse. In these breach instances, well-resourced, external actors were able to gain the credentials of users with access to privileged accounts – such as administrative, service or operational accounts – giving them the ability to collect and exfiltrate industrial-scale amounts of data.

A new online tool monitors the state of internet routing security
The Mutually Agreed Norms for Routing Security (MANRS) initiative announced the launch of the MANRS Observatory, a new online tool that measures the level of networks’ compliance to MANRS, a key indicator of the state of routing security and resiliency of the Internet.

Huge database found leaking biometric, personal info of millions
While working on a web-mapping project, vpnMentor researchers Noam Rotem and Ran Locar discovered a publicly accessible database containing fingerprint records of over 1 million users, facial recognition information, personal information and much more.

Help Net Security report: SecBI’s automated threat detection, response and hunting
SOCs constantly need tools to improve effectiveness, efficiency, and productivity. In surveying the market, Help Net Security evaluated SecBI’s solution for improvement via automated threat detection, response and hunting.

AI vs. AI: Cybersecurity battle royale
David and Goliath. The Invasion of Normandy. No matter the generation, we all know some of the storied battles that have withstood the test of time. In cyberspace, however, there’s a fierce battle brewing surrounding artificial intelligence.

Organizations that scan applications in production have a reduced risk of being breached
Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security.

Extending security to fourth parties your business needs, but doesn’t control
While there is much discussion about the data security and privacy risks created by third parties, another source of risk can be significant but overlooked: that from fourth parties – those vendors that your vendors use – who may be integral players in your mission fulfillment but who are beyond your direct contractual oversight.

eBook – Threat intelligence platforms: Everything you’ve ever wanted to know
Today’s threat environment is complex and dynamic. The internet was built for connectivity, not security, and approaches such as intrusion detection systems, anti-virus programs, and traditional incident response methodologies by themselves are no longer sufficient in the face of the widening gap between offensive and defensive capabilities.

Researchers discover 40+ insecure drivers for Windows
Spurred by several past instances of attackers abusing device drivers to install a kernel rootkit or malicious firmware implants, Eclypsium researchers have decided to probe the security of a wide array of drivers.

Digital transformation helps companies work smarter yet makes them vulnerable to breaches
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust, according to a Canon survey.

Closing the cyber skills gap: What to do next
On a global scale, cybersecurity is suffering from a severe shortage of experts. What is to be done? Organizations, government, academia and professional associations need to work together to develop a sustainable cyber skills strategy. To date, strategic thinking has largely focused on what to defend and how to defend, but less on who is going to do it. Now is the time for closing this gap – and fast.

(ISC)2 updates its CCSP certification exam
This is the first update that has been made to the CCSP exam since its inception in 2015.

New infosec products of the week: August 16, 2019
A rundown of infosec products released last week.

Share this
You are reading
architecture

Week in review: New Nmap, lateral phishing tactics, Kubernetes security matures