Week in review: Hardware security, protecting APIs, determining the true impact of a cyber attack

Here’s an overview of some of last week’s most interesting news, reviews and articles:

The biggest cyber threats organizations deal with today
Microsoft has released a new report outlining enterprise cyberattack trends in the past year (July 2019 – June 2020) and offering advice on how organizations can protect themselves.

Three immediate steps to take to protect your APIs from security risks
Undermining the power of an API-driven development methodology are shadow, deprecated and non-conforming APIs that, when exposed to the public, introduce the risk of data loss, compromise or automated fraud.

How vital is cybersecurity awareness for a company’s overall IT security?
The benefits of cybersecurity awareness programs are currently the subject of broad discussion, particularly when it comes to phishing simulations. Nowadays, companies not only invest in IT security solutions, but also in the training of their employees with the goal of making them more conscious of security issues.

Large US hospital chain hobbled by Ryuk ransomware
US-based healthcare giant Universal Health Services (UHS) has suffered a cyberattack, which resulted in the IT network across its facilities being shut down.

Measuring impact beyond a single incident
Determining the true impact of a cyber attack has always been, and will likely continue to be, one of the most challenging aspects of this technological age.

Hardware security: Emerging attacks and protection mechanisms
Maggie Jauregui’s introduction to hardware security is a fun story: she figured out how to spark, smoke, and permanently disable GFCI (Ground Fault Circuit Interrupter – the two button protections on plugs/sockets that prevent you from electrocuting yourself by accident with your hair dryer) wirelessly with a walkie talkie.

Permanent remote work puts greater pressure on IT teams
82% of IT leaders think their company is at a greater risk of phishing attacks, and 78% believe they are at a greater risk of an insider attack, when employees are working from home, according to a report from Tessian.

85% of COVID-19 tracking apps leak data
71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust.

Review: ThreadFix 3.0
This is a review of ThreadFix 3.0, a vulnerability management platform that helps organizations overcome these challenges and manage risky applications and infrastructure efficiently and in alignment with the agile development processes.

4.83 million DDoS attacks took place in the first half of 2020, a 15% increase
Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down, Netscout reveals.

Rising reports of fraud signal that some COVID-related schemes may just be getting started
As the economic fallout of the COVID-19 crisis continues to unfold, research from Next Caller reveals the pervasive impact that COVID-related fraud has had on Americans, as well as emerging trends that threaten the security of contact centers, as we head towards what may be another wave of call activity.

MITRE Shield shows why deception is security’s next big thing
MITRE recently added to their portfolio and released MITRE Shield, an active defense knowledge base that captures and organizes security techniques in a way that is complementary to the mitigations featured in MITRE ATT&CK.

Cybersecurity lessons learned from data breaches and brand trust matters
Your brand is a valuable asset, but it’s also a great attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile apps. These engagements are obviously crucial to your business.

The lifecycle of a eureka moment in cybersecurity
It takes more than a single eureka moment to attract investor backing, especially in a notoriously high-stakes and competitive industry like cybersecurity.

Is passwordless authentication actually the future?
While passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization.

Whitepapers: Stronger cybersecurity starts with CISSP
The latest whitepapers examine the expanding threat landscape and how cybersecurity can drive business growth with the right experts in place.

Report: Hunting Evasive Malware
Get new insights and defensive guidance from this Threat Intelligence Spotlight: Hunting Evasive Malware that draws on data from the 650-plus organizations that eSentire protects and VMware Carbon Black’s extensive endpoint protection install base.

New infosec products of the week: October 2, 2020
A rundown of the most important infosec products released last week.
