Week in review: FireEye breach, vulnerable TCP/IP stacks, Kali Linux and the future of pentesting

Here’s an overview of some of last week’s most interesting news and articles:

FireEye breach: State-sponsored attackers stole hacking tools
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company’s RedTeam tools, FireEye CEO Kevin Mandia has disclosed.

A light December 2020 Patch Tuesday for a no-stress end of the year
As expected, Microsoft fixed a smaller-than-usual number of CVEs on this December 2020 Patch Tuesday: 58 in total. Nine of these are “critical,” 46 “important,” and three are of “moderate” severity, and none are actively exploited or publicly known at this moment.

Key cybersecurity problems expected to mark 2021
After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to ESET.

How Kali Linux creators plan to handle the future of penetration testing
Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it.

How do I select cyber insurance for my business?
To select suitable cyber insurance for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide.

Achieving digital transformation by overcoming identity fatigue
Conversations about digital transformation (DX) are so frequent and pervasive that we tend to lose track of how incomplete they can be. You might think that DX only concerns the Internet of Things (IoT), big data, and application programming interfaces (APIs). It is certainly about those things, but there is a lot more to DX.

CPRA hints at the future of cybersecurity and privacy
One of the most notable ballot propositions impacting the privacy and cybersecurity world during the US 2020 election was the passage of the California Privacy Rights Act (CPRA).

Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.

Trends every IT leader needs to know to empower the enterprise
Only 37% of organizations definitely have the skills and technology to keep pace with digital projects during the COVID-19 pandemic, a MuleSoft survey reveals.

D-Link routers vulnerable to remotely exploitable root command injection flaw
The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

Cybercrime costs the world more than $1 trillion, a 50% increase from 2018
Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.

Ad-injecting malware hijacks Chrome, Edge, Firefox
When searching for things online, has a greater number of ads than usual been popping up at the top of your search results? If it has, and you’re using Microsoft Edge, Google Chrome, Yandex Browser, or Mozilla Firefox, you might have fallen prey to the ad-injecting Adrozek malware.

Six cryptographic trends we’ll see next year
2020 was a “transformative” year, a year of adaptability and tackling new challenges. As we worked with organizations to deploy mission-critical data security, cryptography was comparatively stable. What cryptographic trends will gain traction in 2021?

Combating the virtual and physical threats banks face
The banking sector has always been at the center of criminal attention. Today, banks must contend with near-constant cyber attacks from organized criminal gangs, as well as highly skilled and well-resourced threat actors working on behalf of nation-states.

Techno-nationalism isn’t going to solve our cyber vulnerability problem
Against the backdrop of intensifying cyber conflicts and the rapidly evolving threat landscape, a new wave of techno-nationalism is being trumpeted from almost every corner of the world.

How can companies secure a hybrid workforce in 2021?
While remote work comes with many benefits, it also presents several unique cybersecurity challenges. By now, the costs and consequences of a data breach or cybersecurity event are well-documented, and they threaten to undermine the benefits of this new work arrangement.

Most pros are concerned about cybersecurity risks related to 5G adoption
Most professionals say their organizations are concerned about cybersecurity risks related to 5G adoption (76.4% of professionals at organizations currently use 5G and 80.7% of professionals at organizations plan to adopt 5G in the year ahead), according to a Deloitte poll.

2021 predictions: The rise of cyber resilience
Each year seems to come with more cyber threats, “bad actors,” ransomware and data breaches. The security industry is on fire right now with technology providers continuing to innovate and develop new ways to help organizations defend against all these threats. However, not all of the security budget should be spent on prevention – organizations need to invest in a key IT trend in 2021: cyber resilience.

Researchers expose the stress levels of workers at different job positions
A Unify Square survey unveils key perspectives of enterprise employees on workplace collaboration and communication in the midst of the global pandemic.

More about

Don't miss