Week in review: Most exploited vulns in 2019, Emotet spreads via Wi-Fi, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

CDPwn vulnerabilities open millions of Cisco enterprise devices to attack
If you have Cisco equipment in your enterprise network – and chances are good that you have – you should check immediately which devices are affected by the newly revealed CDPwn vulnerabilities in Cisco’s proprietary device discovery protocol and implement patches as soon as possible.

Emotet can spread to poorly secured Wi-Fi networks and computers on them
Here’s yet another reason to secure Wi-Fi networks and Windows user accounts with a strong enough password: researchers have spotted and analyzed a malware program that is able to spread the Emotet Trojan to nearby wireless networks and compromise computers on them.

Wuhan coronavirus exploited to deliver malware, phishing, hoaxes
The Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails. In the latest incarnation, phishers are impersonating the World Health Organization.

USB armory Mk II: A secure computer on a USB stick featuring open source hardware design
The hardware security professionals at F-Secure have created a new version of the USB armory – a computer on a USB stick built from the ground up to be secure.

What makes some organizations more cyber resilient than others?
Despite higher levels of investment in advanced cybersecurity technologies over the past three years, less than one-fifth of organizations are effectively stopping cyberattacks and finding and fixing breaches fast enough to lower the impact, according to a report from Accenture.

Honware: IoT honeypot for detecting zero-day exploits
Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before.

Three principles regarding encryption you need to keep in mind
Encryption is a popular topic among security professionals and occasionally a polarizing one. Plenty of misconceptions surround the process, and these often skew the way people perceive its complexity.

February 2020 Patch Tuesday forecast: A lot of love coming our way
The January 2020 Patch Tuesday was a light one as predicted; everyone was still catching up from the end-of-year holidays. As we gain momentum into February and move towards Valentine’s Day, I anticipate Microsoft, and at least Mozilla, will give plenty of love and attention to their applications and operating systems.

Which vulnerabilities were most exploited by cybercriminals in 2019?
Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising submissions to popular malware repositories to compile a list of the ten vulnerabilities most exploited by cybercriminals in 2019.

New ransomware targets industrial control systems
With the ransomware threat surging unstoppably in the last few years, it was just a matter of time until ICS-specific ransomware became a reality.

Review: Cyber Minds
Humans are an essential part of any enterprise and should be considered the foundation of its cybersecurity. That’s probably easier said than done, but Shira Rubinoff has some useful tips for you.

Layering diverse defenses is crucial for stopping email attacks
Despite heading a company that provides a technological solution for stopping targeted email attacks, Evan Reiser, CEO of Abnormal Security, knows that technology is not the complete answer to the malicious email problem. At the same time, security awareness and anti-phishing training is also not a foolproof solution, he maintains.

The Goldilocks principle for zero trust fraud prevention
Although the zero trust framework is gaining momentum in the enterprise, its basic concepts have been the mainstay of fraud prevention in industries like insurance, finance and retail for a very long time. At its core, zero trust identifies the level of risk based on a combination of the origin device, the destination system and the action being performed.

How CISOs can justify cybersecurity purchases
Sometimes a disaster strikes: ransomware encrypts critical files, adversaries steal sensitive data, a business application is compromised with a backdoor… This is the stuff that CISOs’ nightmares are made of. As devastating as such incidents can be, for the short time after they occur, the enterprise usually empowers the CISO to implement security measures that he or she didn’t get funding for earlier.

How can we harness human bias to have a more positive impact on cybersecurity awareness?
Dr. Jessica Barker, Co-CEO of Cygenta, follows her passion of positively influencing cybersecurity awareness, behaviours and culture in organisations around the world.

43% of cloud databases are currently unencrypted
As organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks are being crafted with rampant vulnerabilities.

Now available: eSentire’s 2019 Annual Threat Intelligence Report
Recently released, eSentire’s 2019 Threat Intelligence Report: Perspectives from 2019 and Predictions for 2020 provides visuals, data and written analysis, as well as practical recommendations for readers seeking to understand and better respond to the cybersecurity threat landscape.

New infosec products of the week: February 7, 2020
A rundown of the most important infosec products released last week.
