Week in review: Kubernetes security challenges, NIST Privacy Framework, Mitsubishi Electric breach

Here’s an overview of some of last week’s most interesting news and articles:

Mitsubishi Electric discloses data breach, possible data leak
Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.”

It’s time to patch your Cisco security solutions again
Cisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions.

Lessons from Microsoft’s 250 million data record exposure
Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. The data was accessible to anyone with a browser, who knew the server location, for about a month in total before an external researcher detected the problem.

First patches for the Citrix ADC, Gateway RCE flaw released
As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to provide them for other versions and for two older versions of SD-WAN WANOP.

IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781
Citrix and FireEye have teamed up to provide sysadmins with an IoC scanner that shows whether a Citrix ADC, Gateway or SD-WAN WANOP appliance has been compromised via CVE-2019-19781.

Techniques and strategies to overcome Kubernetes security challenges
Five security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift.

Honeywell Maxpro VMS/NVR systems vulnerable to hijacking
Honeywell’s Maxpro VMS and NVR, network video recorders and video management systems deployed in commercial, manufacturing and energy facilities around the world, sport critical vulnerabilities that may allow attackers to take control of them.

Researchers create OT honeypot, attract exploits and fraud
Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits.

Did Apple drop end-to-end encrypted iCloud backups because of the FBI?
Two years ago, Apple abandoned its plan to encrypt iPhone backups in the iCloud in such a way that makes it impossible for it (or law enforcement) to decrypt the contents, a Reuters report claimed on Tuesday.

Micropatch simulates workaround for recent zero-day IE flaw, removes negative side effects
ACROS Security has released a micropatch that implements the workaround for a recently revealed actively exploited zero-day RCE flaw affecting Internet Explorer (CVE-2020-0674).

Data-driven vehicles: The next security challenge
Over the next decade, every car manufacturer that offers any degree of autonomy in a vehicle will be forced to address the security of both the vehicle and your data, while also being capable of recognizing and defending against threats against you or the vehicle.

Cybercriminals using fake job listings to steal money, info from applicants
Be extra careful when looking for a job online, the Internet Crime Complaint Center (IC3) warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money.

Review: Enzoic for Active Directory
Seemingly every day news drops that a popular site with millions of users had been breached and its user database leaked online. Almost without fail, attackers try to use those leaked user credentials on other sites, making password stuffing one of the most common attacks today.

Business units and IT teams can no longer function in silos
Over the next two years, 50% of organizations will experience increased collaboration between their business and IT teams, according to Gartner.

Container security requires continuous security in new DevSecOps models
When Jordan Liggitt at Google posted details of a serious Kubernetes vulnerability in November 2018, it was a wake-up call for security teams ignoring the risks that came with adopting a cloud-native infrastructure without putting security at the heart of the whole endeavor.

There is no easy fix to AI privacy problems
Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.

MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers
Researchers have discovered six critical and high-risk vulnerabilities – collectively dubbed MDhex – affecting a number of patient monitoring devices manufactured by GE Healthcare.

Download: State of Breach Protection 2020 survey results
The State of Breach Protection 2020 survey crowdsources the wisdom of numerous security pros and decision makers, enabling CISOs to make better informed and data-driven decisions, by zooming out to see the wide perspective of breach protection’s best practices and major trends.

Over half of organizations were successfully phished in 2019
Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals.

Zero Trust: Beyond access controls
As the Zero Trust approach to cybersecurity gains traction in the enterprise world, many people have come to recognize the term without fully understanding its meaning.

NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance
Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, the National Institute of Standards and Technology (NIST) is offering a new tool for managing privacy risk.

CISOs: Make 2020 the year you focus on third-party cyber risk
While cybersecurity professionals are certainly aware of the growing threat posed by sharing data with third parties, many seem to lack the urgency required to address this challenge.

Email security industry miss rates when encountering threats are higher than 20%
Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam.

A look at cybersecurity for rail systems, building automation and the future of critical infrastructure
Waterfall Security Solutions announced a major expansion into new markets and industry verticals. In support of this expansion, Waterfall has secured a significant new funding round to enable aggressive growth. We caught up with Lior Frenkel, CEO and co-founder of the company, to find out more.

More about

Don't miss