Here’s an overview of some of last week’s most interesting news and articles:
August 2020 Patch Tuesday forecast: Planning for the end?
There doesn’t seem to be an end in sight to the COVID-19 crisis, but there are some important end-of-life/end-of-support dates we should be aware of when it comes to software.
Researchers flag two zero-days in Windows Print Spooler
Researchers found a way to bypass the patch for CVE-2020-1048 and re-exploit the vulnerability on the latest Windows version. They’ve also discovered a DoS flaw affecting the Print Spooler service, which won’t be patched.
How can security leaders maximize security budgets during a time of budget cuts?
While some security programs have become bloated, many don’t necessarily deserve to be cut. Given the gravity of today’s situation, it’s time for security leaders to step in and do what they can to justify spending that bolsters their company’s overall security posture.
Open source tool Infection Monkey allows security pros to test their network like never before
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ passwords and, consequently, lead to further system exploitation.
PE Tree: Free open source tool for reverse-engineering PE files
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community.
Granting employees admin status is convenient but risky
Freely granting employees admin status is one of the most common mistakes enterprises make.
The COVID-19 pandemic and its impact on cybersecurity
The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity pros saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey by ISSA and ESG.
Misconfigured cloud storage services are commonplace in 93% of deployments
Misconfigured cloud storage services are commonplace in a stunning 93% of the cloud deployments analyzed, and most also have at least one network exposure where a security group is left wide open.
Firefox to block redirect tracking
Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking.
4 in 10 organizations punish staff for cybersecurity errors
New research has found that 42% of organizations are taking disciplinary action against staff who make cybersecurity errors.
New defense method enables telecoms, ISPs to protect consumer IoT devices
“Most home users don’t have the awareness, knowledge, or means to prevent or handle ongoing attacks,” says Yair Meidan, a Ph.D. candidate at BGU.
New Open Source Security Foundation wants to improve open source software security
The Linux Foundation announced the formation of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices.
Security analysis of legacy programming environments reveals critical flaws
Trend Micro has published new research that highlights design flaws in legacy languages and has released new secure coding guidelines.
Engaging business units in security governance: Why everyone should be concerned
The idea that security is everyone’s business is a familiar refrain. But as enterprises look to combine the speed of software delivery with both cybersecurity and business value, they need to incorporate the idea that business is everyone’s business too.
A Silicon Valley business exec’s tips for maintaining organizational security
With black hat hackers becoming more sophisticated and leveraging the increase in remote working for malicious purposes, new strategies and an increased focus on security best practices are key to keeping a business secure. How can business leaders ensure security is prioritized across their organization?
How to implement expedited security strategies during a crisis
Cybersecurity analysts can confirm that to properly manage a remote digital workforce, an enterprise should focus its security measures on three key pillars.
How AI can alleviate data lifecycle risks and challenges
What are the most common data lifecycle challenges and risks businesses are facing today, and how can they be overcome?
How privacy can decrease safety
As a software company founder, Lisa Thee spent the majority of 2017 collecting feedback from teens, pediatricians, church leaders, and school administrators on the trends they are seeing in the United States related to sexting and sextortion.
New infosec products of the week: August 7, 2020
A rundown of infosec products released last week.