Week in review: PoC for wormable SharePoint RCE released, how to select a DMARC solution

Here’s an overview of some of last week’s most interesting news and articles:

Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets.

Details and PoC for critical SharePoint RCE flaw released
A “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix.

REMnux toolkit for malware analysis version 7 released
REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly investigate suspicious programs, websites, and document files.

Cybersecurity teams are struggling with a lack of visibility into key security controls
89% of security professionals are most concerned about phishing, web and ransomware attacks. This is especially alarming, considering that only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a Balbix report reveals.

BadPower: Fast chargers can be modified to damage mobile devices
If you needed another reason not to use a charger made available at a coffeeshop or airport or by an acquaintance, here it is: maliciously modified fast chargers may damage your phone, tablet or laptop and set it on fire.

20,000+ new vulnerability reports predicted for 2020, shattering previous records
Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.

Infosec is a mindset as well as a job, but burnout can happen to anyone
Time and again (and again), survey results tell us that many cybersecurity professionals are close to burnout and are considering quitting their jobs or even leaving the cybersecurity industry entirely.

Microsoft releases new encryption, data security enterprise tools
Microsoft has released (in public preview) several new enterprise security offerings to help companies meet the challenges of remote work.

Ransomware recovery: Moving forward without backing up
For IT, the biggest concern with a remote workforce is the inability to control the network in a traditional sense. Perhaps their greatest fear is a ransomware attack on company data made possible by users connected through their VPN and attaching to file shares.

In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns
In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019, and more than 542% compared to the last quarter, as published in the Nexusguard Q1 2020 Threat Report. DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures.

IT teams failing to deliver a positive remote employee experience
Conducted during the coronavirus pandemic, 1E unveils the findings of an analysis of the remote employee experience and the digital workplace in 2020.

How do cybercriminals secure cybercrime?
Trend Micro unveiled new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business.

How do I select a DMARC solution for my business?
To select a suitable DMARC solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

People work more while at home, but worry about data security
A global research report by Lenovo highlights the triumphs, challenges and the consequences of the sudden shift to work-from-home (WFH) during the COVID-19 pandemic and how companies and their IT departments can power the new era of working remotely that will follow.

Human error: Understand the mistakes that weaken cybersecurity
43% of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company, according to a Tessian report.

27% of consumers hit with pandemic-themed phishing scams
Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic.

Digital privacy: A double-edged sword
Digital privacy is paramount to the global community, but it must be balanced against the proliferation of digital-first crimes, including child sexual abuse, human trafficking, hate crimes, government suppression, and identity theft. The more the world connects with each other, the greater the tension between maintaining privacy and protecting those who could be victimized.

There’s CISSP training, then there’s official CISSP training
Put your trust in an (ISC)² Official Training Provider for your CISSP exam prep. (ISC)² partners with leading training providers throughout the world, so you have convenient access to official training that meets your needs.

More about

Don't miss