Week in review: Zoom security, Marriott breach, MS SQL servers under attack

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Marriott International 2020 data breach: 5.2 million customers affected
Marriott International has suffered a new data breach in mid-January 2020, which affected approximately 5.2 million guests.

Should you hire a specialized cybersecurity recruiter?
Finding skilled cybersecurity professionals to fill organizations’ increasing needs is becoming more difficult by the day due to the wide (and widening) cybersecurity workforce skills gap. So, how can organizations make the hiring process less painful and more fruitful?

Millions of routers running OpenWRT vulnerable to attack
A vulnerability (CVE-2020-7982) discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking devices running it.

Are your MS SQL servers part of a cryptomining botnet? Check now!
For the last two years or so, attackers have been infecting and reinfecting poorly secured MS SQL servers, booting other criminals’ malware from them and exploiting their compute power to mine Vollar and Monero cryptocurrency.

RDP and VPN use soars, increasing enterprise cyber risk
As COVID-19 slowly spread across the globe, consumer demand for commercial virtual private network (VPN) services has soared – both for security reasons and for bypassing geo-blocking of (streaming) content. Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol (RDP), a popular and common means for remotely managing a computer over a network connection.

21% of SMBs do not have a data backup or disaster recovery solution in place
58% of C-level executives at small and medium businesses (SMBs) said their biggest data storage challenge is security vulnerability, according to Infrascale.

How can you strengthen an enterprise third-party risk management program?
We sat down with Sean Cronin, CEO of ProcessUnity, to explore the challenges related to enterprise third-party risk today and in the future.

Kwampirs threat actor continues to breach transnational healthcare orgs
The Kwampirs (aka Orangeworm) attack group continues to target global healthcare entities in this time of crisis, the FBI has warned.

Seven key cybersecurity trends for 2020 by world-leading professionals
The developments in the area of cybersecurity are alarming. As the number of smart devices in private households increase, so do the opportunities for cybercriminals to attack, according to TÜV Rheinland.

Why we need to secure IoT connections sooner rather than later
IoT products offer many conveniences but there are massive amounts of data being transferred to and from these services vulnerable to attack if left unsecured. In this podcast, Mike Nelson, Vice President of IoT Security at DigiCert, talks about the growing insecurity of IoT devices and what we should do about it.

Debunking vulnerability management myths for a safer enterprise
Cybersecurity is one of the most daunting challenges enterprises will face in 2020. According to IBM’s 2019 Cost of a Data Breach report, the average cost of a data breach in the U.S. is $8.19 million, with companies averaging 206 days to identify breaches before even attempting to address them (a task that averages another 38 days).

Large number of mobile apps may be vulnerable to hacking
A team of cybersecurity researchers has discovered that a large number of mobile apps contain hardcoded secrets allowing others to access private data or block content provided by users.

Steering your network in the right direction with segmentation
Throughout history, individuals have taken innovations in their prime and tried to mold them into objects they were never designed to be. An example? The first cars were carriages with engines, the first powered ships were sailing ships with paddles, and so on. That said, history has shown us that there are also many limitations to evolving objects outside of their intended purpose and that these efforts often end in failure.

The potential impact of SAP security remediation
More than two thirds (68.8%) of SAP users believe their organizations put insufficient focus on IT security during previous SAP implementations, while 53.4% indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit process. These are key findings of the SAP Security Research Report by Turnkey Consulting.

Identity fraud: Protecting your customers from the new kids in town
It’s one thing to have your credit card stolen, but your identity is a whole other ball game. The worst thing is, it’s a lot more common than you’d think. Identity fraud affects around one in 15 people in the US and has never been higher in the UK. The fraudsters have built their own subculture as new tools and channels lower the bar for entry. It’s time to strap in, because the challenge will only grow in the next few years.

vFeed: Leveraging actionable vulnerability intelligence as a service indicators
In this podcast, Rachid Harrando, Advisory Board Member at vFeed, talks about how their correlation algorithm analyzes a large plethora of scattered advisories and third-party sources, and then standardizes the content with respect to security industry open standards.

How to balance privacy concerns around facial recognition technology
There has been global uproar regarding facial recognition technology and whether and when it’s ethically sound to use it. Its use without citizens’ consent could have potential safety benefits but is undoubtedly a violation of privacy.

Webinar – Getting Inside the Mind of an Attacker: TLS Attacks and Pitfalls
In this webinar, you’ll learn about and get recommendations on how to defend against common weaknesses vulnerability scanners uncover and attacks targeting TLS.

Guide: Making the financial case for outsourcing endpoint protection
This guide delivers specific guidance on how to calculate savings in the context of your organization’s risk while accounting for size and industry.

Given the extent of the COVID-19 virus diffusion around the globe and the repercussions it has had on our private and working lives, we have inevitably covered a variety of new threats and security implications related to it:

Zoom pledges to find, fix security and privacy issues
Since the advent of Covid-19, remote conferencing tools have been a lifesaver for all those stuck at home, forced to work and socialize online. Zoom, in particular, has witnessed a massive influx of new users, which lead to increased scrutiny from information security researchers.

Remote work and web conferencing: Security and privacy considerations
As more and more people remain at home and work from home due to the COVID-19 pandemic, most of them have been forced to use one or many video and audio conferencing applications out of necessity.

Mozilla will fund open source COVID-19-related technology projects
Have you come up with hardware or software that can help solve a problem that arose from COVID-19 and its worldwide spread? Mozilla is offering up to $50,000 to open source technology projects that are responding to the pandemic in some way.

Vulnerable VPN appliances at healthcare organizations open doors for ransomware gangs
The increased enterprise VPN use due to the COVID-19 pandemic and the work-from-home (WFH) shift has not gone unnoticed by ransomware gangs, Microsoft warns.

Distributed disruption: Coronavirus multiplies the risk of severe cyberattacks
The coronavirus pandemic is upending everything we know. As the tally of infected people grows by the hour, global healthcare, economic, political, and social systems are bending and breaking under the strain, and for much of the world there’s no end in sight. But amid this massive wave of disruption, one thing hasn’t changed: the eagerness of cybercriminals to capitalize on society’s misfortune and uncertainty to sabotage, cripple, mislead and steal.

Organizations not properly set up to manage risk, coronavirus pandemic reveals
Organizations’ current approach to risk governance is not sufficient to tackle the complex risk environment organizations are facing today, according to Gartner. The COVID-19 pandemic is just the latest in a line of recent risk events showing how organizations are not properly set up to manage risk, especially fast-moving ones.

More about

Don't miss