Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Every employee has a cybersecurity blind spot
80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress.

Microsoft advises users to stop using SMS- and voice-based MFA
Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls should be avoided, Alex Weinert, Director of Identity Security at Microsoft, opined.

November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
Microsoft plugged 112 CVE-numbered flaws in a variety of its products, including CVE-2020-17087, a Windows Kernel privilege escalation vulnerability disclosed the week before by Google, as it was being actively exploited in the wild.

Cybersecurity workforce gap decreases, job satisfaction rates increase
For the first time, there’s a year-over-year reduction in the cybersecurity workforce gap, due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19, (ISC)² finds.

(IN)SECURE Magazine issue 67 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 67 has been released today. It’s a free download, no registration required.

Researchers discover POS backdoor targeting the hospitality industry
ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.

Malware activity spikes 128%, Office document phishing skyrockets
Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs) throughout Q3 2020, with additional insight from Recorded Future.

Finding 365 bugs in Microsoft Office 365
During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. We took this opportunity to ask him about his work.

FTC orders Zoom to enhance security practices
Zoom Video Communications, the maker of the popular Zoom video conferencing solution, has agreed to settle allegations made by the US Federal Trade Commission (FTC) that it “engaged in a series of deceptive and unfair practices that undermined the security of its users.”

What’s stopping job seekers from considering a career in cybersecurity?
(ISC)² has recently asked 2,500 people across the US and the UK who don’t currently work in cybersecurity roles and have never worked in the field about how they view cybersecurity workers, whether they would consider entering the field, and what’s stopping them from doing it.

End-to-end encrypted communication mitigates enterprise security risk and ensures compliance
It is a mathematical certainty that data is more protected by communication products that provide end-to-end encryption (E2EE). Yet, many CISOs are required to prioritize regulatory requirements before data protection when considering the corporate use of E2EE communications.

Encryption-based threats grow by 260% in 2020
New Zscaler threat research reveals the emerging techniques and impacted industries behind a 260-percent spike in attacks using encrypted channels to bypass legacy security controls.

Stop thinking of cybersecurity as a problem: Think of it as a game
Cybersecurity isn’t a battle that’s ultimately won, but an ongoing game to play every day against attackers who want to take your systems down. We won’t find a one-size-fits-all solution for the vulnerabilities that were exposed by the pandemic. Instead, each company needs to charge the field and fend off their opponent based on the rules of play.

Making history: The pandemic, disaster recovery and data protection
Let’s face it, because of the pandemic a lot of companies were caught off guard with insufficient plans for data protection and disaster recovery (DR). That isn’t easy in the best of times, never mind during a pandemic. Even those with effective strategies now must revisit and update them.

New side-channel attacks allow access to sensitive data on Intel CPUs
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs.

How IoT insecurity impacts global organizations
As the Internet of Things becomes more and more part of our lives, the security of these devices is imperative, especially because attackers have wasted no time and are continuously targeting them.

Fraudsters increasingly creative with names and addresses for phishing sites
COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, according to research from F5 Labs.

The evolving role of the CTO
The CTO role is changing to encompass supply chain resiliency, communications solutions and support for sales teams, preventing technological surprise and meeting broader business unit needs.

Product showcase: Specops Password Auditor
Specops Password Auditor, a free tool, provides an automated tool to proactively scan and find weak, reused, and breached passwords in use in your Active Directory environment. The best part – it makes this process extremely easy.

Q&A session: Examples of what it takes to achieve DevSecOps maturity
Join Cobalt for an interactive 1-hour Q&A session that tackles real-life examples of what it takes to achieve DevSecOps maturity.

More about

Don't miss