Week in review: MacOS ransomware, attackers bypassing WAFs, how to select a SIEM solution

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!
Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible.

Does analyzing employee emails run afoul of the GDPR?
A desire to remain compliant with the European Union’s General Data Protection Regulation (GDPR) and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. This is understandable, as GDPR non-compliance pay lead to stiff penalties.

40% of security pros say half of cyberattacks bypass their WAF
There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF), Neustar reveals.

New technique keeps your online photos safe from facial recognition algorithms
Researchers have developed a technique that safeguards sensitive information in photos by making subtle changes that are almost imperceptible to humans but render selected features undetectable by known algorithms.

How do I select a SIEM solution for my business?
To select an appropriate SIEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals in order to get insight to help you get started.

New EvilQuest macOS ransomware is a smokescreen for other threats
A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.

Magento 1 reaches EOL: Merchants urged to upgrade or risk breaches, falling out of PCI DSS compliance
When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life (EOL) and support (EOS) on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1.

Ransomware attacks are increasing, do you have an emergency plan in place?
39% of organizations either have no ransomware emergency plan in place or are not aware if one exists. This is despite more ransomware attacks being recorded in the past 12 months than ever before, Ontrack reveals.

Microsoft fixes two RCE flaws affecting Windows 10 machines
Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.

Key cybersecurity industry challenges in the next five years
Pete Herzog, Managing Director at ISECOM, is so sure that artificial intelligence could be the biggest security problem to solve and the biggest answer to the privacy problem that he cofounded a company, Urvin.ai, with an eclectic group of coders and scientists to explore this.

Fake “DNS Update” emails targeting site owners and admins
Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain.

200% increase in invoice and payment fraud BEC attacks
There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. This sharp rise continues the trend.

Review: Qualys VMDR
It’s 2020 and the importance of vulnerability management should go without saying. In fact, knowing your assets and performing continuous vulnerability management are two of the Top 20 Critical Security Controls delineated by the Center for Internet Security (CIS).

Remote employees encounter 59 risky URLs per week
Working remotely from home has become a reality for millions of people around the world, putting pressure on IT and security teams to ensure that remote employees not only remain as productive as possible, but also that they keep themselves and corporate data as secure as possible.

Data security matters more than ever in the new normal
A boom in remote access goes hand-in-hand with an increased risk to sensitive information. Verizon reports that 30 percent of recent data breaches were a direct result of the move to web applications and services.

New vulnerabilities in open source packages down 20% compared to last year
New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, according to Snyk.

New privacy-preserving SSO algorithm hides user info from third parties
Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that on principle prevents holistic information exchange.

Using confidential computing to protect Function-as-a-Service data
Organizations are embracing the power of Function-as-a-Service (FaaS). FaaS can be viewed as a very positive and beneficial result coming from years of data successfully migrating and operating in public clouds. AWS Lambda, Azure Functions and Google Cloud are today’s market leading platforms for enterprises to realize the power and benefits of FaaS.

How data science delivers value in a post-pandemic world
While the primary focus must be on preserving cash flow, what many companies don’t realize is the power evolving data science applications have on business continuity and growth during these uncertain times, and the importance of shifting data science roles in implementing effective solutions.

More about

Don't miss