Week in review: Zoom end-to-end encryption, 5G adoption and security, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered.

5G adoption, security and worldwide market trends
With 5G adoption ramping up all over the world, we sat down with Chris Pearson, President of 5G Americas, to learn more about the current 5G landscape.

Most companies suffered a cloud data breach in the past 18 months
Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals.

Zoom to offer end-to-end encryption only to paying customers
As Zoom continues on its path to bring end-to-end encryption (E2EE) to users, the big news is that only paid users will have access to the option.

When SOCs never stop: How to fill the intelligence gaps in security
Demand for security analysts and security operations centre experts is high – so high that Frost and Sullivan found only two percent unemployment in the sector and that demand continues outstrip the supply of newly skilled professionals. (ISC)² suggests that the number of skilled professionals will have to grow from 2.8 million worldwide to 4.07 million to close the skills gap.

June 2020 Patch Tuesday forecast: Steady as she goes
One item to factor into your patch Tuesday process is the new release of Windows 10 version 2004 and Windows Server version 2004. These latest versions of Windows 10 were released without major fanfare, as Microsoft pre-announced.

Understanding cyber threats to APIs
The many benefits that APIs bring to the software and application development communities – namely, that they are well documented, publicly available, standard, ubiquitous, efficient, and easy to use – are now being leveraged by bad actors to execute high profile attacks against public-facing applications.

Cooking up secure code: A foolproof recipe for open source
The use of open source code in modern software has become nearly ubiquitous. It makes perfect sense: facing ever-increasing pressures to accelerate the rate at which new applications are delivered, developers value the ready-made aspect of open source components which they can plug in where needed, rather than building a feature from the ground up.

Attackers tried to grab WordPress configuration files from over a million sites
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab WordPress configuration files of 1.3 million sites at the end on the same month.

How to successfully operationalize your micro-segmentation solution
The business case that drove your organization to adopt a host-based segmentation solution will serve as an anchor for your initial design. However, it’s essential to consider how it will interact with your overall IT security strategy.

Cisco plugs bucketful of security holes in industrial routers, switches
Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company’s carrier-grade and industrial routers and switches.

Increased attacks and the power of a fully staffed cybersecurity team
The cybersecurity landscape is constantly evolving, and even more so during this time of disruption. According to ISACA’s survey, most respondents believe that their enterprise will be hit by a cyberattack soon – with 53 percent believing it is likely they will experience one in the next 12 months.

The “return” of fraudulent wire transfers
Ransomware gangs targeting businesses are currently getting more public attention, but scammers trying to trick employees into performing fraudulent wire transfers are once again ramping up their efforts, US-headquartered law firm BakerHostetler has warned.

Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion
Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.

Office 365 users: Beware of fake company emails delivering a new VPN configuration
Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials.

Things to keep in mind when downloading apps from G Suite Marketplace
Security researchers have tested nearly 1,000 enterprise apps offered on Google’s G Suite Marketplace and discovered that many ask for permission to access to user data via Google APIs as well as to communicate with (sometimes undisclosed) external services.

Lean into zero trust to ensure security in times of agility
Bad actors are rapidly mounting phishing campaigns, setting up malicious websites and sending malicious attachments to take full advantage of the pandemic and users’ need for information, their fears and other emotions. More often than not, the goal is the compromise of login credentials.

New propagation module makes Trickbot more stealthy
Trickbot infections of Domain Controller (DC) servers has become more difficult to detect due to a new propagation module that makes the malware run from memory, Palo Alto Networks researchers have found.

Factors driving API growth in industry
This is third in a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection.

41% of organizations have not taken any steps to expand secure access for the remote workforce
urrently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so.

The challenge of updating locally cached credentials
As organizations work to ensure remote workforce productivity, the issue of cached credentials will inevitably appear, causing a problem for the impacted user, and the IT service desk.

Save almost 50% on CISSP training: Offer ends June 15
With the globally recognized (ISC)² CISSP certification, you prove your cybersecurity expertise to the world. Save nearly 50% on CISSP Online Instructor-Led Training when bundled with your exam. Now thru June 15, 2020, you can purchase both for just $1,995.

Product showcase: Cloudbric Remote Access
Cloudbric has introduced an alternative to traditional VPNs, that monitors and blocks unusual and malicious access.

New infosec products of the week: June 5, 2020
A rundown of the most important infosec products released last week.

More about

Don't miss