Week in review: IE zero-day, S3 bucket security, rise of RDP as a target vector

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Cybersecurity automation? Yes, wherever possible
Automated systems are invaluable when it comes to performing asset discovery, evaluation and vulnerability remediation, sifting through mountains of data, detecting anomalous activity and, consequently, alleviating the everyday burdens of security teams.

How can we thwart email-based social engineering attacks?
More than 99 percent of cyberattacks rely on human interaction to work, Proofpoint recently shared. More often than not, the principal attack method is phishing emails.

Top challenges for CIOs in a multi-cloud world
Lost revenue (49%) and reputational damage (52%) are among the biggest concerns as businesses transform into software businesses and move to the cloud, according to Dynatrace.

How SMBs can bring their security testing on par with larger enterprises
What are the challenges of securing small and medium-sized enterprises vs. larger ones? And how can automated, continuous security testing help shrink the gap?

Podcast: Potential problems with the software supply chain for industrial sites
Industrial security pioneer Eric Byres, CEO of aDolus, speaks to software supply chain trust issues and some of the technology his new venture aDolus Inc. is developing to help.

Year-over-year malware volume increased by 64%
The most common domains attackers use to host malware and launch phishing attacks include several subdomains of legitimate sites and Content Delivery Networks (CDNs) such as CloudFlare.net, CloudFront.net (which belongs to Amazon), SharePoint and Amazonaws.com, along with legitimate file-sharing websites like my[.]mixtape[.]moe, according to WatchGuard.

vBulletin zero-day exploited in the wild in wake of exploit release
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin, and it didn’t take long for attackers to start using it.

IT vs OT: Challenges and opportunities – podcast
The Industrial Security Podcast featuring Andrew Ginter: The differences between IT and OT teams and approaches both make life difficult and represent opportunities to improve industrial operations.

Cybercriminals plan to make L7 routers serve card stealing code
One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 routers.

How data breaches forced Amazon to update S3 bucket security
Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most commonly used cloud storage tools for everything from server logs to customer data, with prominent users including Netflix, Reddit, and GE Healthcare. While S3 rolled out of the gate with good security principles in mind, it hasn’t all been smooth sailing.

How important is packet capture for cyber defense?
Organizations using full packet capture are better prepared to battle cyber threats, according to an Enterprise Management Associates (EMA) report.

Passwordless authentication is here now, and it is vastly superior to using a password
Large and respected organizations, including a significant healthcare software provider, are already using passwordless authentication technology with great success. Here is how TraitWare has completed the journey to deliver this technology.

Disclosing vulnerabilities to improve software security is good for everyone
Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report.

What security and privacy enhancements has iOS 13 brought?
With the release of iPhone 11 and its two Pro variants, Apple has released iOS 13, a substantial functional update of its popular mobile operating system.

Rise of RDP as a target vector
Recent reports of targeted attacks using RDP as an initial entry vector have certainly generated significant headlines in light of the impact they have caused. In the midst of city-wide impacts, or even million-dollar (plus) demands, it is easy to overlook the initial entry vector.

Tackling biometric breaches, the decentralized dilemma
A recent discovery by vpnMentor revealed a worst-case scenario for biometrics: a large cache of biometric data being exposed to the rest of the world. In this case, the web-based biometric security smart lock platform BioStar 2 was breached.

Should the National Security Council restore the cybersecurity coordinator role?
Former national security advisor John Bolton’s elimination of the cybersecurity coordinator role in May 2018 came as a surprise to many in the cybersecurity industry, especially security professionals that are tasked with securing federal networks, protecting critical infrastructure and providing cybersecurity governance.

Product showcase: NetLib Security Encryptionizer
NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a defense for any organization wherever your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place.

CISO role grows in stature, but challenges remain
In order to find out how CISOs perceive the state of their profession, Optiv Security interviewed 200 CISOs or senior security personnel with equivalent responsibilities in both the US and the UK.

How to start achieving visibility in the cloud
Organizing resources in a way that makes visibility possible beyond the data center (assuming you have that to begin with) is hard. That’s because the way you achieve visibility in the cloud, or at the edge, is fundamentally different than it is in the data center.

Cybersecurity breach experience strengthens CVs
It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according to Symantec.

Microsoft drops emergency Internet Explorer fix for actively exploited zero-day
Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable system.

Could audio warnings augment your ability to fight off cyber attacks?
The security of your environment shouldn’t depend on whether you’re looking in the right place at the right time. While active visual means such as dashboards, emails, tickets, and chat messages are a vital part of security event monitoring, they might not get your attention if your eyes are elsewhere.

Whitepaper: The self-fulfilling prophecy of the cybersecurity skills shortage
The tale of two sides: how would cybersecurity pros and organizations solve the cybersecurity skills gap shortage?

Security capabilities are lagging behind cloud adoption
Security professionals regard their existing tools as inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications, according to ESG.

Older vulnerabilities and those with lower severity scores still being exploited by ransomware
Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today, according to RiskSense.

99% of misconfiguration incidents in the cloud go unnoticed
IaaS is now the fastest growing area of the cloud due to the speed, cost and reliability with which organizations can create and deploy applications, according to McAfee.

How can small companies with limited budgets win at security?
We’ve asked Chris Wysopal, CTO at Veracode and renowned security expert who is scheduled to hold a keynote at HITB+ CyberWeek on the topic of distributing security more evenly across all technology, to offer some advice for under-resourced organizations.

Adopting DevOps practices leads to improved security posture
A strong DevOps culture based on collaboration and sharing across teams leads to an improved security posture, according to Puppet.

Employees are mistakenly confident that they can spot phishing emails
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey.

