Week in review: CISO do’s and don’ts, Windows Defender scan fail, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

CISO do’s and don’ts: Lessons learned
Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape. Consequently, the importance of a good CISO should not be underestimated.

Security is slowly becoming essential to doing business
Business have been making the switch from on-prem to the cloud for quite some time now, and most organizations are familiar with Gen1 cloud services where they could spool up an on-demand service for a non-business critical need with just a credit card. The problem now is that they want to do the same for business-critical workloads and CISOs have to fight to change that mindset.

(IN)SECURE Magazine issue 63 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 63 has been released today. It’s a free download, no registration required.

A bug made some Windows Defender antivirus scans fail
Microsoft has released a fix for a bug that made its Windows Defender Antivirus fail after a few seconds when users opted for a Quick or Full scan of the system.

Only one quarter of retail banks have adopted an integrated approach to financial crime systems
Most banks plan to integrate their fraud and financial crime compliance systems and activities in response to new criminal threats and punishing fines, with the U.K. leading the pack, according to a survey by Ovum, on behalf of FICO.

Exploitation of IoT devices and Windows SMB attacks continue to escalate
Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report.

Confidential data of 24.3 million patients discovered online
Greenbone Networks has released details of new research in to the security of the servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans.

Should you trust your smart TV or streaming device?
“Smart” devices might be handy and offer higher quality services, but users should be aware that everything comes with a price. And we’re not talking here about the price of the actual device, but of the fact that these devices collect device, user and user behavior information and send it to a variety of third-parties.

Five ways to manage authorization in the cloud
The public cloud is being rapidly incorporated by organizations, allowing them to store larger amounts of data and applications with higher uptime and reduced costs, while at the same time, introducing new security challenges.

Four in five businesses need ways to better secure data without slowing innovation
While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42.

SLAs: What your cybersecurity vendor isn’t telling you
Service Level Agreements (SLAs) have been used in the IT world for many years as a contractual mechanism for holding service providers accountable and extracting defined payments and penalties when they mess up. Likewise, vendors have used SLAs to put their “money where their mouth is” in terms of fulfilling value promises and establishing important metrics for their customers. In reality, SLAs have not kept up with either of these purposes.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices
In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices.

Threat visibility is imperative, but it’s even more essential to act
Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act.

Mini eBook: CCSP Practice Tests
The Certified Cloud Security Professional (CCSP) shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures.

Only 15% of organizations can recover from a severe data loss within an hour
There’s a global concern about the business impact and risk from rampant and unrestricted data growth, StorageCraft research reveals.

Phishing attacks up, especially against SaaS and webmail services
Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report.

Targeted threat intelligence and what your organization might be missing
In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilante, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats.

Download: RFP templates for EDR/EPP and APT protection
Cynet is addressing this need with the definitive RFP templates for EDR/EPP and APT protection, an expert-made security requirement list, that enables stakeholders to accelerate and optimize the evaluation process of the products they evaluate.

What are the most connected countries around the world?
How connected a country is does not only mean how freely information can be reached or how many people have access to the internet or social media – it goes much further than that, influencing our lifestyle, how we do business and even the power and reputation of our respective countries.

Businesses facing post breach financial fallout by losing customer trust
44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal.

DNSSEC fueling new wave of DNS amplification attacks
DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard.

Improving the security, privacy and safety of future connected vehicles
The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick.

The use of open source software in DevOps has become strategic for organizations of all sizes
A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance.

How organizations view and manage cyber risk
Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey results have revealed.

Some IT teams move to the cloud without business oversight or direction
27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix.

Researchers analyzed 16.4 billion requests to see how bots affect e-commerce
The sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2 percent) classified as moderate or sophisticated, up from 75.8 percent in 2018, according to the Imperva report.

Old Magecart domains are finding new life in fresh threat campaigns
Magecart has so radically changed the threat landscape, victimizing hundreds of thousands of sites and millions of users, that other cybercriminals are building campaigns to monetize their handiwork, a RiskIQ research reveals.

Key threats and trends SMB IT teams deal with
MSPs are significantly more concerned with internal data breaches and rapidly evolving technology practices, whereas internal IT teams are more concerned with employee behavior/habits, according to a Central by LogMeIn report.

Organizations continue to struggle with privacy regulations
Many organizations’ privacy statements fail to meet common privacy principles outlined in GDPR, CCPA, PIPEDA, including the user’s right to request information, to understand how their data is being shared with third parties and the ability of that information to be deleted upon request, according to the Internet Society’s Online Trust Alliance (OTA).

BotSlayer tool can detect coordinated disinformation campaigns in real time
A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by the Indiana University’s Observatory on Social Media.

Share this
You are reading
fire

Week in review: CISO do’s and don’ts, Windows Defender scan fail, new issue of (IN)SECURE