Week in review: SolarWinds hack and related attacks, life without passwords, how to make DevSecOps stick

Here’s an overview of some of last week’s most interesting news and articles:

The SolarWinds supply chain attack and related hacks
When the week before last FireEye said they’ve been breached by sophisticated attackers using a “novel combination of techniques,” we wondered what those were. We didn’t have to wait long – news of the SolarWinds hack and the consequent revelations about the attackers using the company’s products as a stepping stone towards compromising a slew of US government agencies and other targets have revealed some of the attackers’ capabilities.

45 million medical images left exposed online
More than 45 million medical images – including X-rays and CT scans – are left exposed on unprotected servers, a CybelAngel report reveals.

Imagining a professional life without passwords
A passwordless login experience provides employees with a user-friendly and secure way of accessing their accounts and devices – no matter where they are. This eliminates many password-related risks, such as password reuse or failing to change default credentials, which means improved security and a more productive workforce by reducing the need for IT support.

What’s at stake in the Computer Fraud and Abuse Act (CFAA)
Intended as the United States’ first anti-hacking law, the CFAA was enacted almost thirty-five years ago, long before lawyers and technologists had any sense of how the Internet would proliferate and evolve. In fact, the Act is outdated enough that it specifically excludes typewriters and portable hand-held calculators as a type of computer.

How to make DevSecOps stick with developers
The main idea behind DevSecOps is to incorporate security far earlier into the software lifecycle development process. Unfortunately, when speed is everything, developers are often reluctant to prioritize security – so how do you make DevSecOps stick with developers?

Remote and cloud-based systems to be ruthlessly targeted next year
Home networks, remote working software and cloud systems will be at the center of a new wave of attacks in 2021, Trend Micro predicts.

5 reasons IT should consider client virtualization
Virtualization has brought a dramatic level of growth and advancement to technology and business over the years. It transforms physical infrastructure into dedicated, partitioned virtual machines (VM) that deliver critical cloud applications and services to multiple customer organizations using the same hardware.

Three signs your SOC is ready for XDR
Over the past year, there’s been a movement growing in the industry towards Extended Detection and Response, or XDR. While a few offerings represent broad portfolio consolidation and convergence towards packaging multiple solutions into one, there’s an undeniable demand for a more outcome-oriented approach to threat detection and response.

How COVID-19 has impacted the security threat landscape
A WatchGuard report reveals how COVID-19 has impacted the security threat landscape, with evidence that attackers continue to target corporate networks despite the shift to remote work, and a rise in pandemic-related malicious domains and phishing campaigns.

Cisco re-patches wormable Jabber RCE flaw
In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated.

42% of security leaders said the pandemic has changed their cybersecurity priorities
Fudo Security published the results of it survey, enlisting the unique perspectives of a diverse, select group of CISOs, senior cybersecurity executives and industry decision-makers from around the globe including the US, Europe, Asia and MENA. More than 42% said the pandemic has changed their cybersecurity priorities.

More than half of organizations don’t have an insider risk response plan
Both business and security leaders are allowing massive insider risk problems to fester in the aftermath of the significant shift to remote work in the past year, according to a Code42 report.

Countries that retaliate too much against cyberattacks make things worse for themselves
The core of the matter involves deterrence and retaliation. In conventional warfare, deterrence usually consists of potential retaliatory military strikes against enemies. But in cybersecurity, this is more complicated.

2020 broke cybersecurity records, here’s what’s to come in the new year
With chaos and uncertainty reigning, 2020 created near-perfect conditions for cybercriminals. The COVID-19 pandemic transformed the way we live and triggered a mass migration to digital channels as companies virtually replaced in-person interactions for employees and consumers alike. Nearly ten months in, the pandemic rages on, and cybersecurity threats are accelerating.

Secure enclave protection for AI and ML
Most countries, including the United States, view AI technology as critical to retaining or establishing global business leadership. The promise and value of AI and ML rank equal or higher to other intellectual property or corporate secrets within an organization.

Security automation: Time for a new playbook
From increasingly sophisticated threats to the mad concoction of on-premise and cloud solutions that comprise most organizations’ IT infrastructure and the plethora of new IoT devices and a highly distributed workforce, enterprises and government agencies face a wide range of challenges that make cyber threat detection and response more difficult than ever before.