Week in review: Top 10 most exploited vulns, SMB ransomware extortion, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

SolarWinds Orion exploited by another group of state-sponsored hackers
Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday.

Top 10 most exploited vulnerabilities from 2020
Vulnerability intelligence-as-a-service outfit vFeed has compiled a list of the top 10 most exploited vulnerabilities from 2020, and among them are SMBGhost, Zerologon, and SIGRed.

Actively exploited SonicWall zero-day affects SMA 100 series appliances
SonicWall has confirmed that the actively exploited zero-day vulnerability spotted by the NCC Group on Sunday affects its Secure Mobile Access (SMA) 100 series appliances.

February 2021 Patch Tuesday forecast: The human communication aspect
We spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations. But in the end, the success of patch management is dependent on the coordination of all the people involved.

The transportation sector needs a standards-driven, industry-wide approach to cybersecurity
Despite the uncertainties of the last year, the transformation of the transportation sector forged ahead, dominated by the prevailing trend of CASE (Connected, Autonomous, Shared, Electrified) technologies.

How consumers protect sensitive information when using FinTech apps
ESET has explored the topic of data security in the consumer segment of its global financial technology (FinTech) research, surveying 10,000 consumers across the UK, US, Australia, Japan and Brazil.

Linux malware backdoors supercomputers
ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high performance computer (HPC) clusters – as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers.

Runtime data no longer has to be vulnerable data
Today, the security model utilized by nearly all organizations is so weak that the mere act of creating new data comes with the immutable assumption that such data will become public and subject to theft or misuse.

Board members aren’t taking cybersecurity as seriously as they should
Trend Micro shared results from a study that reveals systemic challenges with security integration into business processes. The report includes the top ways to drive engagement and agreement around cybersecurity strategies within an organization.

SMB ransomware extortion: Identifying pieces of the puzzle
2020 saw a new trend emerge: ransomware victims who were unwilling or unable to pay the ransom were faced with the threat of their sensitive information being exposed. Ponying up the ransom used to be the scariest part of ransomware, but now it’s the humiliation that has companies running scared.

How do I select a PAM solution for my business?
To select a suitable PAM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

93% of workers overshare online, causing security risks
Tessian reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.

Kick off the year with a new vendor management spring cleaning strategy
Your company’s vendor management program may not be what you need to get the most out of your cybersecurity vendors, so I’ll focus on a Cyber Vendor Optimization Strategy. The goal is to synchronize your annual cyber strategy / plan with your current vendors to make everyone successful in accomplishing your mission.

Major trends that are changing the CISO role
In a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities, a BT Security survey of over 7000 business leaders, employees and consumers from across the world reveals.

How to motivate employees to take cybersecurity seriously
How can we push employees / users to take cybersecurity to heart? Dr. Maria Bada, external behavioral scientist at AwareGO, has been working on the answer for years.

The first step in protecting ourselves is realizing that there’s a lot we can do to stay safe online
While the shift to a digital-first life was brought on by the global pandemic, U.S. consumers plan to keep it up – with online banking (61%), social engagements (56%), and personal shopping (52%), at the top of the list, McAfee reveals.

Container security is a priority, but who’s responsibility is it?
NeuVector released a survey that identifies current trends and challenges enterprises are grappling with as they increasingly turn to microservices architectures.

To combat cyber warfare the security industry needs to work together
Just when we thought 2020 couldn’t get worse, security firm FireEye broke the news that the compromise of a software solution by IT solutions provider SolarWinds had resulted in security breaches across the public and private sector, at dozens of companies and government agencies, including the U.S. Departments of Commerce, Treasury, Justice, Defense, and the Center for Disease Control.

NIST provides guidance to protect controlled unclassified information
Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from NIST provides guidance to protect such controlled unclassified information (CUI) from APTs.

Data loss prevention strategies for long-term remote teams
For many, a distributed hybrid workforce is the new normal, vastly expanding their threat landscape and making it more challenging to secure data and IT infrastructure. In this environment, companies need to pivot their defensive capacity, ensuring that they are prepared to meet the moment (i.e., the threats).

AlmaLinux Beta released, the CentOS replacement is ready for testing
AlmaLinux, the open source enterprise-level Linux distribution created as an alternative to CentOS, is released in beta with most RHEL packages and is ready for community testing. A stable release is planned for the end of the Q1 2021.

Open-source tool for hardening commonly used HMI/SCADA system
Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital’s CIMPLICITY, one of the most commonly used HMI/SCADA systems.

Download: The Phisher’s Playbook
Read The Phisher’s Playbook to gain a perspective of how phishers plan their scams and how you can protect from them.

More about

Don't miss