Week in review: API security basics, the future of infosec conferences, Sophos firewalls under attack

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Is the future of information security and tech conferences virtual?
While RSA Conference USA – the largest information security conference in the world – managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries closed their borders, and airlines suspended routes and grounded planes, most infosec and tech events scheduled after it were doomed.

445 million attacks detected since the beginning of 2020, COVID-19 wreaks havoc
In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter.

Understanding the basics of API security
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection.

How to thwart human-operated ransomware campaigns?
Most ransomware campaigns hitting healthcare organizations and critical services right now are just the final act of a months-long compromise.

Why people talk a good game about privacy, but fail to follow up in real life?
While most people will say they are extremely concerned with their online privacy, previous experiments have shown that, in practice, users readily divulge privacy information online.

Three firmware blind spots impacting security
As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack to focus on firmware entry points. Firmware offers a target that basic security controls can’t access or scan as easily as software, while allowing them to persist and continue leveraging many of their tried and true attack techniques.

Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?
Sophos has released an emergency hotfix for an actively exploited zero-day SQL injection vulnerability in its XG Firewalls, and has rolled it out to all units with the auto-update option enabled.

Which video call apps should you use if you care about privacy?
To help individuals and organizations choose video call apps that suit their needs and their risk appetite, Mozilla has released a new “Privacy Not Included” report that focuses on video call apps.

Cybersecurity pros share insights into their current work situations
In the (ISC)² COVID-19 Cybersecurity Pulse Survey, 81% of respondents, all responsible for securing their organizations’ digital assets, indicated that their job function has changed during the pandemic. 90% indicated they themselves are now working remotely full-time.

Third-party compliance risk could become a bigger problem
Since the onset of COVID-19, more than half of legal and compliance leaders believe that cybersecurity and data breach is the most-increased third-party risk their organizations face, according to Gartner.

Suspicious business emails increase, imposters pretend to be executives
U.S. small businesses report an increase in suspicious business emails over the past year, a cyber survey by HSB shows, and employees are taking the bait as they fall for phishing schemes and transfer tens of thousands of dollars in company funds into fraudulent accounts.

Google announces cull of low-quality, misleading Chrome extensions
With Google Chrome being by far the most widely used web browser, Google must constantly tweak protections, rules and policies to keep malicious, unhelpful and otherwise potentially unwanted extensions out of the Chrome Web Store. The latest change of that kind has been announced for August 27th 2020, when Google plans to boot from the CWS “low-quality and misleading” Chrome extensions.

Most IT leaders believe remote workers are a security risk
57 percent of UK IT decision makers still believe that remote workers are a security risk, and that they will expose their organization to the threat of a data breach, according to a survey by Apricorn.

How to formulate a suitable identity proofing strategy
In this podcast, Matt Johnson, Product Marketing Manager at TransUnion, talks about identity proofing and navigating identity during changing economic dynamics. By the end of this session, you’ll have an understanding of how to formulate an appropriate identity proofing strategy to meet the needs of your customers and online channels.

The state of data quality: Too much, too wild and too skewed
Despite being aware of data quality issues, many are uncertain about how to best address those concerns.

The battle against ransomware: Lessons from the front lines
Ransomware is arguably the most significant cybercrime innovation in recent history. The ransomware business model is so effective that it is now the most common and devastating threat to organizations of all sizes. As a provider of cyber insurance, we have the misfortune of responding to ransomware attacks across tens of thousands of organizations, and the trends are worrying.

Mitigating cybersecurity risks for employees working remotely
Here are five tips for IT specialists to mitigate the cybersecurity risks while employees are working remotely.

Assessing the risks of ACH payments
While the rate of fraud for ACH payments is relatively low, there is always a risk of bad actors whenever money is moving. When it comes to securing your money transfers, here is everything you need to know about assessing the risks involved in ACH payments.

Surge in phishing attacks using legitimate reCAPTCHA walls
Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.

Privacy pros expecting an increase in privacy rights requests as a result of COVID-19
92% of companies are concerned about new consumer rights under the California Consumer Privacy Act (CCPA) with 51% believing this is the hardest part of CCPA compliance and 64% planning to spend more than $100K on compliance in 2020, according to Truyo.

Keeping your app’s secrets secret
With the rise in automation, machines must authenticate against each other. Authorization is nearly implicit in this handshake. Secrets are increasingly used by applications and (micro) services as a bootstrapping mechanism for initiation and continuity in operations.

As companies rely on digital revenue, the need for web and mobile app security skyrockets
By 2023, according to research performed by Statista, applications may generate nearly $935 billion in revenue. With increased reliance on these applications and increasing customer traffic, security will play a critical role.

Looking to break into cybersecurity without direct experience? Find out how
Explore more tips and key strategies for breaking into cybersecurity in the new eBook from (ISC)², Breaking into Cybersecurity.

New infosec products of the week: May 1, 2020
A rundown of the most important infosec products released last week.
