Week in review: ERP security, early warning of ransomware, Active Directory disaster recovery

Here’s an overview of some of last week’s most interesting news and articles:

ERP security: Dispelling common misconceptions
The various applications integrated in ERP systems collect, store, manage, and interpret sensitive data from the many business activities, which allows organizations to improve their efficiency in the long run. Needless to say, the security of such a crucial system and all the data it stores should be paramount for every organization.

Confirmed: Browsing histories can be used to track users
Browsing histories can be used to compile unique browsing profiles, which can be used to track users, Mozilla researchers have confirmed.

The state of GDPR compliance in the mobile app space
A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting.

Most organizations have no Active Directory cyber disaster recovery plan
Although 97% of organizations said that Active Directory (AD) is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals.

A 2020 approach to security: People matter
Forgetting the people of the PPT approach is like operating a car without airbags. Perhaps you cannot physically see the hazardous gap, but the drive will be incredibly unsafe.

How do I select a password management solution for my business?
To select a suitable password management solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Three places for early warning of ransomware and breaches that aren’t the dark web
There are three additional, sometimes overlooked sources of early warning clues of ransomware and breaches I have seen yield more direct, actionable insights in my years as an incident response leader.

Facing gender bias in facial recognition technology
The algorithms used for facial recognition today rely heavily on machine learning (ML) models, which require significant training. Unfortunately, the training process can result in biases in these technologies. If the training doesn’t contain a representative sample of the population, ML will fail to correctly identify the missed population.

Malicious iOS SDK breaches user privacy for millions
Researchers discovered a malicious functionality within the iOS MintegralAdSDK (aka SourMint), distributed by Chinese company Mintegral.

Protect your organization in the age of Magecart
The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. It all really boils down to timing. If the e-commerce world was able to detect such Magecart attacks in a matter of seconds (rather than weeks or months), then we could see an end to Magecart stealing all of the cybercrime headlines.

The evolution of IoT asset tracking devices
Asset tracking is one of the highest growth application segments for the Internet of Things (IoT). According to a report by ABI Research, asset tracking device shipments will see a 51% year-on-year device shipment growth rate through 2024.

The global cost of cybercrime per minute to reach $11.4 million by 2021
Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.

91% of cybersecurity pros want stricter internet measures to tackle misinformation
There’s a growing unease amongst the cybersecurity community around the recent rise in misinformation and fake domains, Neustar reveals.

New attack vectors make securing virtual companies even more challenging
As organizations are settling into long-term remote working, new attack vectors for opportunistic cyberattackers—and new challenges for network administrators have been introduced, Nuspire reveals.

COVID-19 impact on digital transformation, cloud and security strategies
Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience, according to Infoblox.

Swap Detector: Open source tool for detecting API usage errors
GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code.