Week in review: Avast breach, deepfakes, VisibleV8 monitors JavaScript in the wild

Here’s an overview of some of last week’s most interesting news and articles:

Phishing attacks are a complex problem that requires layered solutions
Most cyber attacks start with a social engineering attempt and, most often that not, it takes the form of a phishing email.

How to remove human error from the cyber risk equation
In attempting to fortify the enterprise’s cyber assets, we have turned much of our attention to human error. After all, the vast majority of hackers rely upon their exploitation of employees to break through corporate defenses, anticipating that these employees will fail to “see” a threat that is hidden inside a seemingly harmless web link, email or on-screen message.

Chance that flaws will ever be dealt with diminishes the longer they stick around
More than half of all security findings (56%) are fixed, but a focus on fixing new findings while neglecting aging flaws leads to increasing security debt, according to Veracode research.

Avast breached by hackers who wanted to compromise CCleaner again
Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: compromise releases of the popular CCleaner utility.

Deepfakes and voice as the next data breach
Deepfake technology, which uses deep learning to create fake or altered video and audio content, continues to pose a major threat to businesses, consumers, and society as a whole.

18 iOS apps with stealthy ad clicking code removed from App Store
Wandera researchers have discovered 17 apps in Apple’s App Store that contained a clicker module, designed to perform covert ad fraud-related tasks such as opening web pages and clicking on links and ads.

How the under 30s expect new approaches to cybersecurity
In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. This is according to a report on generational attitudes to cybersecurity from the security division of NTT.

Microsoft debuts hardware-rooted security for foiling firmware attacks
Microsoft partnered with mainstream chip and computer makers to deliver hardware protection of firmware right out of the box: the so-called Secured-core PCs are aimed at foiling attackers who rely on exploiting firmware vulnerabilities to surreptitiously gain access to computer systems.

Why organizations must arm their SOCs for the future
Security Operations Centers (SOCs) around the globe represent the first line of defense between enterprises and cyber-threats. This mission requires that SOCs respond to security alerts around the clock, and jump into action as quickly as possible to minimize the damage done from events that are in progress while keeping the uptime of critical operations in accordance to the SLAs.

Whitepaper: Make smarter decisions by using orchestration with intelligence
Analysts in security teams make decisions all day in their investigations that impact the security of the entire organization: Where should I look next? What should I do about this alert? Is this even dangerous?

Phishers have been targeting UN, UNICEF, Red Cross officials for months – and still do
Researchers have brought to light a longstanding phishing campaign aimed at the UN and its various networks, and a variety of humanitarian organizations, NGOs, universities and think tanks.

Blacklisted apps increase 20%, attackers focus on tax-branded key terms
In 2018, global app spending hit $101 billion and is expected to surpass that this year. Mobile is a significant portion of the overall corporate attack surface where security teams often suffer from a lack of visibility.

Firefox 70 lets users track online trackers
Mozilla has released Firefox 70.0, which delivers performance and power consumption improvements, helpful browser features, new options for developers and, most prominently, new security and privacy protections.

VisibleV8: Stealthy open source tool for monitoring JavaScript in the wild
An open source tool that allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs has been developed at North Carolina State University.

Webinar: Application Protection and Performance Monitoring Using Datadog + Signal Sciences
For years, security, operations, and engineering have struggled to get one cohesive view of application performance and real-time attacks due to multiple streams of data from a variety of operations and security tools that don’t work well together. We are out to change that.

Top five tips for building smarter enterprise security
ExtraHop is offering tips and strategies for enterprise organizations to improve their security posture across hybrid and cloud workloads. Below are tips for building smarter enterprise security.

Security pros like their job, yet many struggle with burnout and work-life balance
There is a persistent gap among cybersecurity professionals regarding gender and diversity, but also challenges with work-life balance.

How to reduce the risk posed by vulnerabilities in IoT/ICS networks?
IoT/ICS networks and unmanaged devices are soft targets for adversaries, increasing the risk of costly downtime, catastrophic safety and environmental incidents, and theft of sensitive intellectual property.

How cybersecurity accelerates business growth
It’s no secret that the cybersecurity industry has grown exponentially over more than a decade due to the proliferation of high-profile cybercrime. Viewing cybersecurity as simply a necessary step to mitigate cyber risk leaves much opportunity on the table. Organizational leaders need to see cybersecurity as a business enabler that can accelerate growth.

Could lighting your home open up your personal information to hackers?
Earlier this year Amazon’s Echo made global headlines when it was reported that consumers’ conversations were recorded and heard by thousands of employees. Now researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands. According to the analysis, the next prime target could be that smart bulb that shoppers buy this coming holiday season.

New infosec products of the week: October 25, 2019
A rundown of infosec products released last week.