Week in review: AD password reset best practices, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

DNS over HTTPS’ threat to enterprise security
DNS over HTTPS (DoH) is here, regardless who likes it or not. Unfortunately, a majority of guidance surrounding DoH is centered around individual consumer perspectives. For enterprise security leaders looking to manage the risks of DoH, that hasn’t been entirely helpful.

How to test employee cyber competence through pen-testing
Social engineering hacking preys on the vulnerabilities inherent in human psychology, so it’s vital for organizations to test employee cyber competence.

(IN)SECURE Magazine issue 64 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 64 has been released today. It’s a free download, no registration required.

Active Directory password reset best practices
This article looks at what can be achieved using the native Active Directory (AD) Group Policy settings, including key capabilities that increase password security while balancing the user experience.

Compromised passwords used on 44 million Microsoft accounts
44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking due to use of compromised passwords, Microsoft has shared.

December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day
For December 2019 Patch Tuesday, Microsoft and Adobe have released the final scheduled security updates for this year, Intel has fixed Plundervolt, and Google has delivered fixes and new and expanded security features for Chrome.

BYOD security challenges leave companies at risk
Organizations aren’t moving quickly enough on cybersecurity threats linked to the drive toward using personal mobile devices in the workplace, warns a QUT privacy researcher.

Top 5 cybersecurity predictions for 2020
A new year is almost upon us, and with it comes new threats and trends, specifically in the world of cybersecurity. We’ve put together our top 5 cybersecurity predictions for 2020, with a view to helping ensure you stay ahead of threats.

It’s the most vulnerable time of the year
We need to remember that the holidays can actually be a pretty dangerous period for cybersecurity. To riff off Andy Williams, it’s the most vulnerable time of the year.

The 7 most dangerous digital technology trends
As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally. But there is a catch. For every opportunity, there is a risk.

Unpatchable KeyWe smart lock can be easily picked
A design flaw in the KeyWe smart lock (GKW-2000D), which is mostly used for remote-controlled entry to private residences, can be exploited by attackers to gain access to the dwellings, F-Secure researchers have found.

2020 is prime for a global building cybersecurity standard
Buildings will account for 81% of all connected things in 2020, ushering in a new era of smart office buildings, schools, hospitals and more that will improve efficiencies for building management and provide a more comfortable experience for occupants. However, buildings are also at an increased risk of cyberattacks as they collect more data, become more interconnected and extended outside of their original operating environment.

Key security priorities for financial services: Preventing fraud and data leaks
The banking and financial services sector is struggling with a skills shortage along with the sheer volume of threats and alerts as it continues its ongoing battle against cybercrime, according to Blueliv.

How enterprise risk management programs operate in organizations today
More than half of CEOs think their enterprise risk management program (ERM) program is not as effective as it should be, a LogicGate survey reveals.

78% of people forgot a password in the past 90 days
Passwords are the dominant way online services manage access to our personal and work-related lives. But often times, they’re more of a headache than a security tool.

Will quantum computing overwhelm existing security tech in the near future?
Keeping a watchful eye on developments, 74% of organizations admitted to paying close attention to the technology’s evolution, with 21% already experimenting with their own quantum computing strategies.

Microsoft demystifies email attack campaigns targeting organizations
Email is attackers’ preferred method for gaining a foothold into organizations. Campaign views, a new type of report available to some Microsoft enterprise customers, allows security teams to see how successful specific email attack campaigns have been at compromising their organization and to thwart future ones.

The importance of proactive patch management
The gap between a working exploit being developed and the necessary patch being applied is a period of heightened—and avoidable – exposure to risk.

New infosec products of the week: December 13, 2019
A rundown of infosec products released last week.

More about

Don't miss