Week in review: Red teaming, quantum computing, blockchain innovation
Here’s an overview of some of last week’s most interesting news, articles and podcasts:
Quantum computing: The new moonshot in the cyber space race
The race to develop quantum technologies is an all-out sprint, if not a marathon, and quantum computing is gearing up to be this century’s moonshot.
Should you block newly registered domains? Researchers say yes
7 out of 10 newly registered domains (NRDs) are either malicious, suspicious or not safe for work, say Palo Alto Networks researchers, and advise organizations to block access to them with URL filtering.
Cybersecurity salary, skills, and stress survey
Exabeam is conducting an annual survey to understand skills, compensation trends and workplace trends among SOC and security analysts. They will randomly select 10 winners for an Exabeam branded marine layer quarter zip and one grand prize—a DJI Phantom 3 Advanced drone equipped with a camera.
Identifying vulnerable IoT devices by the companion app they use
A group of researchers from Indiana University Bloomington and Symantec Research Labs have recently unveiled the promising result of one such approach: they’ve analyzed 2,081 IoT companion apps and confirmed that at least 164 IoT devices from 38 different vendors were definitely vulnerable.
Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject malware and mining software through Trojanized gems.
2019 Cloud Security Report: Latest trends and challenges
The (ISC)²-sponsored 2019 Cloud Security Report is based on a comprehensive survey of cybersecurity professionals in the 400,000+ cybersecurity community on LinkedIn.
Unlocking the future of blockchain innovation with privacy-preserving technologies
Beyond the criticisms directed at today’s open source, decentralized, public blockchains pertaining to scalability, there’s also the matter of privacy.
VLC users urged to implement latest security update
VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines.
Protecting iOS and Android applications in a fully automated way
In this Help Net Security podcast recorded at Black Hat USA 2019, Dave Belt, Technology Evangelist at Irdeto, and Jaco du Plooy, VP Cloakware at Irdeto, discuss the current threat landscape, software security trends, and the importance of protecting iOS and Android applications.
When will the GDPR pot boil over? It’s sooner (and different) than you think
The GDPR sauces have been slowly simmering and are just beginning to boil. Just how hot is it? Let’s take a look at the security and privacy lessons from enforcement actions small and large, especially for security, privacy professionals and executives.
European Central Bank shuts down website following hack, data theft
The European Central Bank (ECB) confirmed on Thursday that its Banks’ Integrated Reporting Dictionary (BIRD) website has been compromised by attackers and taken down until the situation is brought under control.
Researchers were able to detect what is typed using just a smartphone
You likely know to avoid suspicious emails to keep hackers from gleaning personal information from your computer. But a new study from SMU (Southern Methodist University) suggests that it’s possible to access your information in a much subtler way: by using a nearby smartphone to intercept the sound of your typing.
Free eBook: SOAR Platforms
A SOAR platform represents an evolution in security operations driven by the vast amounts of data that must be processed.
Three essential elements of a successful Zero Trust cybersecurity program
Three considerations can help organizations move toward a stronger Zero Trust security approach.
Securing the cloud: Visibility, compliance and vulnerability management
In this Help Net Security podcast recorded at Black Hat USA 2019, Hari Srinivasan, Director of Product Management for Qualys, talks about the basics of securing your cloud.
With shadow IT running rampant, how can IT keep pace?
It’s not just the threat of malware that should have network teams concerned about shadow IT.
Automating CCPA compliance: Organize your data and manage requests
Time is running out for California-based businesses to prepare for the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. Despite the Act being big news in the information security industry since its passing, many outside of it have never heard of it, and some don’t even know if it applies to their business.
Cisco warns about public exploit code for critical flaws in its 220 Series smart switches
Cisco has fixed over 30 vulnerabilities in various solutions, including Cisco UCS Director, Cisco UCS Director Express for Big Data, Cisco IMC Supervisor, and the Cisco 220 Series smart switches.
From SmarterChild to Siri: Why AI is the competitive advantage securing businesses
The dream of an AI-influenced world is finally here. After decades of writing about it, AI has reached a point where it’s ingrained into our daily lives.
Identifying evasive threats hiding inside the network
It is not enough to monitor and log activity throughout the network – organizations need to be able to combine multiple sources of data to spot the subtle signs of a stealthy attacker at work.
Red teaming: Why a forward offense is the best defense
To get the most out of red teaming, companies should first assess the maturity of their security program. Without internal resources in place, red teaming may provide information on areas of improvement that your company will not have the capabilities to address.
Cybersecurity challenges for smart cities: Key issues and top threats
Smart energy, utilities, water and wastage, parking and automotive, industrial and manufacturing, building automation, e-government and telemedicine, surveillance and public safety are just some of the verticals that vendors and governments must secure.
Most IT pros find red team exercises more effective than blue team testing
More than one-third of security professionals’ defensive blue teams fail to catch offensive red teams, a study from Exabeam reveals.
Ransomware attacks hit 1 in 5 Americans
66% of Americans believe that government organizations should never make ransomware payments to cyber criminals. 64% of registered voters will not vote for candidates who approve of making ransomware payments.
Routers from well-known manufacturers vulnerable to cross-router data leaks
While many organizations and home networks use a host and guest network on the same router hardware to increase security, a new study by Ben-Gurion University indicates that routers from well-known manufacturers are vulnerable to cross-router data leaks through a malicious attack on one of the two separated networks.
New infosec products of the week: August 23, 2019
A rundown of infosec products released last week.