Week in review: Exchange Servers under attack, disinformation economics, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

How do I select a cloud security solution for my business?
To select a suitable cloud security solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)
A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors the vulnerability has received the maximum CVSS v3 severity score – 10.0.

Exchange Servers targeted via zero-day exploits, have yours been hit?
Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines.

The economics behind global disinformation engines and strategies for mitigation
Online propaganda is a rapidly growing problem, leaving chaos, mistrust, and revolutions rumblings in its wake. Broad propaganda penetration is achieved by following a specific set of steps, according to a new IDC Government Insights report.

Security starts with architecture
Developers typically identify a problem, and then look for the simplest and fastest solution possible. That is the patch-by-patch formula we want to move away from.

March 2021 Patch Tuesday forecast: Off to an early start
Microsoft got an early start on Patch Tuesday, releasing a series of out-of-band security updates for actively exploited bugs in Exchange Server.

Multi-payload Gootloader platform stealthily delivers malware and ransomware
The Gootloader infection chain begins with sophisticated social engineering techniques that involve hacked websites, malicious downloads, and manipulated search engine optimization (SEO). When someone types a question into a search engine such as Google, the hacked websites appear among the top results.

Protecting the digital workplace with an integrated security strategy
COVID-19 propelled the world of IT years into the future. Organizations considering long-term digital transformation plans were abruptly forced to accelerate their timeline, so employees could work remotely amid shelter-in-place orders. Is it possible to secure this new digital world, when IT security teams are still struggling to protect the old one?

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)
Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel.

Preparing for the Cybersecurity Maturity Model Certification onslaught
For the Defense Industrial Base (DIB), the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) compliance requirement is the hot news topic of 2021. In fact, across the DIB market, CMMC compliance will probably stay a focus through at least 2025.

Proliferation of sneakerbots across industries: The long tail of DIY bot operators
Stopping unwanted bots is an increasingly difficult challenge, which is why it continues to make headlines across industries and varying aspects of online businesses.

Risky business: 3 timeless approaches to reduce security risk in 2021
Since the COVID-19 pandemic drove workforces home, we’ve seen an increase in security risk across the board: from an increase in phishing and spear phishing attacks to an increase in reliance on third-party DNS-over-HTTPS resolver use and sophisticated nation-state attacks like the one that hit SolarWinds.

Most IT security leaders lack confidence in their company’s security posture
78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.

Data is most at risk on email, with 83% of organizations experiencing email data breaches
95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months.

10 strategies small security teams can use for effective cybersecurity management
As the challenges of smaller security teams are certainly different than with larger teams, these IT professionals must be more creative and pragmatic than their large enterprise counterparts.

Cybercriminals continue to target trusted cloud apps
The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk.

Alexa Skills: Security gaps and data protection problems
With the voice commands “Alexa Skills,” users can load numerous extra functions onto their Amazon voice assistant. Amazon screens special voice assistant functions for security. However, scammers can circumvent this check.




Share this