Week in review: Cloud migration and cybersecurity, data trending on the dark web, Zoom security

Here’s an overview of some of last week’s most interesting news and articles:

What type of data is trending on the dark web?
Fraud guides accounted for nearly half (49%) of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs.

Cybersecurity in a remote workplace: A joint effort
With so many employees now working from home, business networks have been opened to countless untrusted networks and – potentially – some unsanctioned devices. Naturally, the question of security arises given the need to ensure that employees are well prepared for the challenges associated with remote work. It also means that businesses must be certain that their security infrastructure is well geared to secure personal and corporate data.

Will Zoom manage to retain security-conscious customers?
While Zoom Video Communications is trying to change the public’s rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning the ship.

GDPR, CCPA and beyond: How synthetic data can reduce the scope of stringent regulations
As many organizations are still discovering, compliance is complicated. Stringent regulations, like the GDPR and the CCPA, require multiple steps from numerous departments within an enterprise in order to achieve and maintain compliance.

April 2020 Patch Tuesday: Microsoft fixes three actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers.

VMware plugs critical flaw in vCenter Server, patch ASAP!
VMware has fixed a critical vulnerability (CVE-2020-3952) affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service (vmdir) for authentication.

On my mind: Transitioning to third-party cloud services
The transition from traditional onsite data colocation to the use of third-party cloud shared tenant services should be on everyone’s minds. With this growing shift, everyone from individuals to enterprises will continue to fuel threat actors by improperly storing information in the cloud.

Using Cisco IP phones? Fix these critical vulnerabilities
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastructure management solutions for data center operations.

You have to consider cybersecurity at all points of a cloud migration
Human error and complex cloud deployments open the door to a wide range of cyber threats, according to Trend Micro.

Phishing kits: The new bestsellers on the underground market
Phishing kits are the new bestsellers of the underground market, with the number of phishing kit ads on underground forums and their sellers having doubled in 2019 compared to the previous year, Group-IB reveals.

760+ malicious packages found typosquatting on RubyGems
Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem repository / hosting service.

Small businesses unprepared for remote working, most don’t provide cybersecurity training
The overnight move to a “virtual workplace” has increased cybersecurity concerns for small business owners, but many still have not implemented remote working policies to address cybersecurity threats, according to a survey by the Cyber Readiness Institute (CRI).

Zoom in crisis: How to respond and manage product security incidents
Zoom is in crisis mode, facing grave and very public concerns regarding trust in management’s commitment to secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Managing the crisis will be a major factor in determining Zoom’s future.

Are we doing enough to protect connected cars?
Even though connected cars should meet the highest level of security, safety, and performance, we know this is not always the case. In this interview, Moshe Shlisel, CEO at GuardKnox, discusses today’s most pressing issues related to automotive security.

The dangers of assumptions in security
Assuming things is bad for your security posture. You are leaving yourself vulnerable when you assume what you have is what you need, or what you have is working as advertised. You assume you are protected, but are you really?

Application security: Getting it right, from the start
When you set out to design an application, you want to make sure it behaves as intended. In other words, that it does what you want, when it’s supposed to, and that it does so consistently.

Information security goes non-binary
Finding security holes in information systems is as old as the first commercially available computer. Back when a “computer” was something that sat in a computer room, users would try to bypass restrictions, sometimes simply by trying to guess the administrator’s password.

Office printers: The ticking IT time bomb hiding in plain sight
Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.

New lower pricing for CISSP, CCSP and SSCP online instructor-led training
Whether you’re studying for the CISSP, CCSP, SSCP or another industry leading (ISC)² certification, (ISC)² is here to help you stay on track to certification with our Official Online Instructor-Led training, now at a NEW LOWER PRICE.

US victims lose $13 million from COVID-19-related scams
Successful COVID-19-themed fraud attempts perpetrated in the US since the beginning of the year have resulted in a little over $13 million in losses, the Federal Trade Commission has shared.

When your laptop is your workspace, the real office never closes
With the COVID-19 pandemic, working from home has moved from a company perk to a hard requirement. Government social distancing mandates have forced complete office closures, completely transforming how and where people work. With people working from home and connected to business applications running in the cloud, the notion of an office building representing the company network has vanished overnight.

Shift to work-from-home: Most IT pros worried about cloud security
As most companies make the rapid shift to work-from-home to stem the spread of COVID-19, a significant percentage of IT and cloud professionals are concerned about maintaining the security of their cloud environments during the transition, according to a survey conducted by Fugue.

New infosec products of the week: April 17, 2020
A rundown of the most important infosec products released last week.



