Week in review: SMBGhost exploit, OneDrive security, PCI compliance misconceptions

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Organizations are creating the perfect storm by not implementing security basics
European organizations have a false sense of security when it comes to protecting themselves, with only 68% seeing themselves as vulnerable, down from 86% in 2018, according to Thales.

5 keys to protecting OneDrive users
With the dramatic shift toward remote workforces over the last three months, many organizations are relying more heavily on cloud tools and application suites. One of the most popular is Microsoft’s OneDrive.

3 common misconceptions about PCI compliance
If you’ve been the arbiter of PCI for your company, you’ve probably run into a variety of misunderstandings, long-held misconceptions, and just weird ideas.

UPnP vulnerability lets attackers steal data, scan internal networks
A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.

Average cost of DNS attacks hovering around $924,000
79% of organizations experienced DNS attacks, with the average cost of each attack hovering around $924,000, according to EfficientIP.

PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions.

Five signs a virtual CISO makes sense for your organization
Regardless of company size or industry, nearly every organization benefits from having a CISO who can establish comprehensive, risk-based security strategies and processes that protect critical data and systems while keeping business moving forward.

Protecting hospitals to ensure patient safety, data confidentiality and business continuity
In this Help Net Security podcast, we’re joined by Leon Lerman, CEO of Cynerio, and Dr. John Halamka, emergency medicine physician and President of the Mayo Clinic Platform. They illustrate how insecure devices increase the cyber attack surface and pose a significant risk to the operational continuity of hospitals and patient safety.

June 2020 Patch Tuesday: Microsoft fixes record monthly number of CVEs
On this June 2020 Patch Tuesday, Microsoft has plugged 11 critical and 118 high-severity security holes, while Adobe has delivered security updates for Flash, Framemaker and Experience Manager.

Remote work in the time of COVID-19
The COVID-19 pandemic has, in one broad swipe, rewritten the rules regarding our workforce and jobs, with an almost instantaneous transition to remote work for those who were able to. While certain jobs require physical presence, a number of jobs fortunately can be done while working offsite.

How does COVID-19 impact cloud adoption?
99% of IT professionals worldwide indicated an impact on their business today related to the COVID-19 pandemic, a MariaDB survey reveals.

Top security risks for companies to address as cloud migration accelerates
The ease and speed at which new cloud tools can be deployed is also making it harder for security teams to control their usage, IBM Security reveals.

Why traditional network perimeter security no longer protects
Network security has been and is constantly evolving, often spurred by watershed events such as the 2017 NotPetya ransomware attack that crashed thousands of computers across the globe with a single piece of code. These events prompt changes in network architectures and the philosophies that underlie them.

How technology impacts building health
Employee health and safety have always been important, but the COVID-19 pandemic has made them more important than ever. Employers are concerned about the wellness of their employees, but they must now also take a closer look at the health of their buildings.

2019 was a record year for OSS vulnerabilities
Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report.

The importance of effective vulnerability remediation prioritization
According to the results of recent Tenable research aimed at discovering why some flaws go unpatched for months and years, vulnerabilities with exploits show roughly the same persistence as those with no available exploit.

Your greatest work from home lifeline is also your newest attack vector
According to the CSO Pandemic Impact Survey, the number of employees working at least 60 percent of the time from home has increased five-fold since the institution of social and work restrictions.

Why DevSecOps remains a mirage
Despite the rhetoric around DevSecOps, security remains an afterthought when organizations are building software. Meanwhile, the latest Verizon threat report identified that web application attacks have doubled, validating that cloud-based data is under attack. The surge in web app security breaches in 2019 further solidifies that we are a long way from delivering on the DevSecOps vision.

Tell us what you think: (ISC)² Cybersecurity Workforce Survey
(ISC)², the world’s largest association of certified cybersecurity professionals, is launching its annual Cybersecurity Workforce Survey, and they want to hear from you.

New infosec products of the week: June 12, 2020
A rundown of the most important infosec products released last week.
