Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications
Here’s an overview of some of last week’s most interesting news and articles:
New wave of attacks aiming to rope home routers into IoT botnets
A Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets.
High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?
The Twittersphere went into overdrive as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.
Critical flaw gives attackers control of vulnerable SAP business applications
SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.
Cyberwarfare: The changing role of force
Whether used as a force multiplier for disinformation operations, for stand-alone projections of power or carefully calibrated escalations of conflict, cyber weapon use is growing on the international stage.
How do I select a network detection and response solution for my business?
To select an appropriate network detection and response solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.
How secure is your web browser?
NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, for phishing protection and malware protection.
Investigation highlights the dangers of using counterfeit Cisco switches
An investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.
340 GDPR fines for a total of €158,135,806 issued since May 2018
Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.
July 2020 Patch Tuesday: Microsoft plugs wormable Windows DNS Server RCE flaw
On this July 2020 Patch Tuesday, Microsoft has plugged 18 critical and 105 high-severity flaws, Adobe has delivered security updates for ColdFusion, Adobe Genuine Service, Adobe Download Manager, Adobe Media Encoder and Adobe Creative Cloud Desktop Application, and Oracle is set to deliver fixes for 433 vulnerabilities.
Security alerts more than doubled in the last 5 years, SecOps teams admit they can’t get to them all
Sumo Logic announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC).
Cisco patches critical flaws in VPN routers and firewalls
Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing.
2020: The year of increased attack sophistication
There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.
The crypto-agility mandate, and how to get there
To achieve long-term data protection in today’s fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are at risk.
Researchers extract personal data from video conference screenshots
Video conference users should not post screen images of Zoom and other video conference sessions on social media, according to Ben-Gurion University of the Negev researchers, who easily identified people from public screenshots of video meetings on Zoom, Microsoft Teams and Google Meet.
Is DNS a vital component of your security strategy?
Security and risk (S&R) teams often use DNS to detect and block threats early in the kill chain, identify compromised devices, and investigate and respond to malware, an Infoblox survey reveals.
A look at modern adversary behavior and the usage of open source tools in the enterprise
Leszek Miś is the founder of Defensive Security, a principal trainer and security researcher with over 15 years of experience. Next week, he’s running an amazing online training course – In & Out – Network Exfiltration and Post-Exploitation Techniques [RED Edition] at HITBSecConf 2020 Singapore, so it was the perfect time for an interview.
Email impersonations becoming pervasive, preying on a distracted and dispersed workforce
Impersonations have become pervasive, and are by far the most prevalent type of email-based attack ending up in business’s inboxes. This is according to a survey report by GreatHorn.
Ransomware, then and now: The change in data theft behavior
Every time ransomware moves out of the news cycle, someone will ask whether cybercriminals have moved on to other, perhaps more lucrative, activities. Unfortunately, not only is ransomware alive and well, but it’s also evolving.
HITB Lockdown: Hands-on technical trainings coming next week!
HITB Lockdown 002 will feature a number of hands-on technical trainings, taking place July 20-23, 2020.