Here’s an overview of some of last week’s most interesting news, reviews, articles and podcasts:
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation.
How to reduce the risk of third-party SaaS apps
Third-party SaaS apps (and extensions) can significantly extend the functionality and capabilities of an organization’s public cloud environment, but they can also introduce security concerns. Many have permission to read, write, and delete sensitive data, which can have a tremendous impact on security, business, and compliance risk.
Why microlearning is the key to cybersecurity education
Microlearning and gamification are new ways to help encourage and promote consistent cybersecurity learning. This is especially important because of the changing demographics: there are currently more millennials in the workforce than baby boomers, but the training methods have not altered dramatically in the last 30 years.
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.
Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain.
Review: The Perfect Weapon
Released at the peak of the US 2020 election campaign and just before the election itself, the documentary examines the harsh reality of today’s conflicts between nations, relying not so much on physical weapons but rather on attacking the enemy in a more stealthy and unpredictable way, with cyber weapons.
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers on the Domain Name System (DNS). One has found that the overwhelming majority of popular site operators haven’t learned from the 2016 Dyn/Mirai attack by setting up a backup DNS server, and the other has shown that the rate of DNS spoofing, though still very small, has more than doubled in less than seven years.
How to take SASE from a buzzword to a plan
Whether you are talking to your leadership or external auditors, it’s always best to be able to explain that your cybersecurity program is based on a framework utilizing industry best practices.
December 2020 Patch Tuesday forecast: Always consider the risk
The final Patch Tuesday of the year is upon us and what a year it has been. Forcing many changes this year, the pandemic has impacted the way we conduct both security and IT operations. But even with the need to support remote operations and new applications that enable coordinated communication, one important aspect has not changed – the need to focus on security risk.
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving organizations expressed by the denizens of cybercrime-oriented underground forums, the healthcare sector has, in the intervening years, become ransomware gangs’ target of choice.
Pandemic thinking: What if there were a vaccine for OT ransomware?
Every pandemic begs a vaccine. What if there were a vaccine for the cyber pandemic? What if there were a vaccine that could prevent OT attacks and the OT ransomware that has shut down hundreds of industrial sites in 2020? Targeted ransomware is one of today’s biggest and nastiest cyber threats.
Who are the worst password offenders of 2020?
As our lives have migrated almost entirely online due to the pandemic, the Dashlane list highlights the companies and organizations with the most significant password-related mishaps of 2020.
The three stages of security risk reprioritization
While organizations across various sectors were faced with the challenge of maximizing their telework posture, those in government services had the extra burden of supporting employees who needed remote access to classified information.
How do I select a pentesting solution for my business?
To select a suitable pentesting solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.
Cloud native security: A maturing and expanding arena
It’s not only Kubernetes security you need to consider when deploying cloud native technologies, but also the security of the surrounding tools. That’s why, when looking at a deployment, it’s worth asking what else is in the mix, and how those components handle security concerns.
IT leaders on 2021 opportunities, challenges and key technology trends
IEEE released the results of a survey of CIOs and CTOs in the U.S., U.K., China, India and Brazil regarding the most important technologies for 2021 overall, the impact of the COVID-19 pandemic on the speed of their technology adoption and the industries expected to be most impacted by technology in the year ahead.
Retail CISOs and the areas they must focus on
In this interview, Matt Cooke, cybersecurity strategist, EMEA at Proofpoint, discusses the cybersecurity challenges for retail organizations and the main areas CISOs need to focus on.
Foiling RaaS attacks via active threat hunting
In this Help Net Security podcast, Jon DiMaggio, Chief Security Strategist at Analyst1, talks about the characteristics of attacks launched by Ransomware-as-a-Service (RaaS) gangs and how organizations can prevent them from succeeding.
The challenges of keeping a strong cloud security posture
In this interview, Badri Raghunathan, Director of Product Management for Container and Serverless Security at Qualys, talks about cloud security and the company’s approach to enabling global CISOs to focus on what’s most important.
IBM offers quantum-safe cryptography support for key management and app transactions in the cloud
IBM announced a series of cloud services and technologies designed to help clients maintain the highest available level of cryptographic key protection, both to protect existing data in the cloud and to prepare for future threats that could emerge with advances in quantum computing.
The CISO’s guide to rapid vendor due diligence
Rapid vendor due diligence can be challenging. This guide explains how it can be done.