Week in review: 5G IoT security, efficient password cracking for pentesters, supply chain examination

Here’s an overview of some of last week’s most interesting news and articles:

5G IoT security: Opportunity comes with risks
Slowly but surely, 5G digital cellular networks are being set up around the world. It will take years for widespread coverage and use to be achieved, so what better time than now for finding a way to ease into it while keeping security in mind?

Cybersecurity company benefits should reduce stress but don’t
From start-ups to Silicon Valley giants, tech company employees work in some of the most luxurious offices in the world, especially as the best of businesses battle to attract top talent. For those of us in high-anxiety fields, some attempts have been made to alleviate stress by offering more unique perks. While the goal is admirable, many of these cybersecurity company benefits miss the mark.

G Suite admins get restricted security code option
Earlier this year, Google provided G Suite admins and users with a new 2FA option: one-time security codes based on security keys.

Crooks are exploiting unpatched Android flaw to drain users’ bank accounts
Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned.

Review: Cyber Smart
Do you believe you’re not interesting or important enough to be targeted by a cybercriminal? Do you think your personal data doesn’t hold any value? Bart R. McDonough proves why those beliefs are wrong in his book Cyber Smart: Five Habits to Protect Your Family, Money, and Identity from Cyber Criminals.

CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers.

Prevent credential stuffing and account takeover attacks with these expert tips
Account takeover and credential stuffing attacks are two security threats that often go hand in hand. Both have become alarmingly prominent: a recent report found that one-fifth of account openings so far in 2019 have been fraudulent.

How are enterprises coping with the security challenges brought on by digital transformation initiatives?
451 Research has polled IT decision makers at 400 larger companies about the current state of cybersecurity in their organizations, the security initiatives they have planned, the challenges they face, and how they are accommodating emerging technologies and digital transformation initiatives.

What do cybercriminals have in store for 2020?
As we look to 2020 and a new decade, cybersecurity will continue to be a top priority for businesses and consumers alike. To help organizations prepare for the next year and beyond, Experian released its forecast, which predicts the top five threats businesses and consumers should be aware of in order to keep their information safe.

Supply chain examination: Planning for vulnerabilities you can’t control
There are seemingly numerous occurrences in which a customer’s personally identifiable information stored by an organization’s third-party provider is set loose by actors with malicious intent. Threats take on many different shapes and sizes and aren’t someone else’s problem or responsibility to control or mitigate.

December 2019 Patch Tuesday forecast: Make sure to deploy year-end updates
Can you believe another year has passed and we’re approaching the last Patch Tuesday of the year? While I get ready to make another online gift purchase with my credit card, I can’t help but reflect on the security activity over the past twelve months. Some of these hit close to home.

How DNS filtering works and why businesses need it
The Domain Name System (DNS) is a cornerstone of the internet. DNS servers connect URL names that humans can read to unique Internet Protocol (IP) addresses that web browsers can understand. Without DNS, we’d all be typing in long, seemingly random combinations of characters and numbers in order to get anywhere online! However, this dependency opens up the possibility for misuse. From domain hijacking and cache poisoning to Denial of Service attacks, DNS is no stranger to being attacked or, even scarier, being an attack vector!

CPoC: New data security standard for contactless payments
The PCI Security Standards Council (PCI SSC) published a new data security standard for solutions that enable merchants to accept contactless payments using a commercial off-the-shelf (COTS) mobile device with near-field communication (NFC).

Avoiding the next breach: Four tips for securing your apps
As security incidents continue to be an ongoing threat to businesses on a daily basis, keeping security procedures up-to-date and avoiding the next breach have become paramount.

2019 experienced massive spate of crypto crimes, $4.4 billion to date
With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds Travel Rule included in the updated Financial Action Task Force (FATF) guidance, according to CipherTrace.

The hidden risks of cryptojacking attacks
Given the very public repercussions of certain types of breaches, it can be easy for executives and IT professionals to focus attention on only the most notable attacks. However, numerous industry studies have found that a quiet threat, known as cryptojacking, is rising faster than any other type of cyber incident.

Hacking robotic vehicles is easier than you might think
Robotic vehicles like Amazon delivery drones or Mars rovers can be hacked more easily than people may think, research from the University of British Columbia suggests.

Webinar: How to secure complex, multi-cloud environments
In this 30-minute webinar for CISOs, Security Engineers, Architects, and SOC Teams, learn how to gain the visibility and context necessary to properly secure multi-cloud applications.

(ISC)2 offers Lab courses to help build technical skills in cybersecurity
(ISC)2 announced that its Professional Development Institute (PDI) now offers five Lab courses designed to help build technical skills in cybersecurity.
