Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines

Here’s an overview of some of last week’s most interesting news and articles:

Attackers tried to insert backdoor into PHP source code
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers.

The growing threat to CI/CD pipelines
By hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely.

DDoS attacks in 2021: What to expect?
Hoping for a major Bitcoin payout, DDoS attackers continue to raise the bar when it comes to attack size, frequency, and target diversification.

Digital dependence and innovation: Two critical trends in cyber espionage and crime
If digital dependence means the current trend in attacks affects us all globally, the most powerful takeaway is how we can better defend ourselves in an easier and better fashion by incorporating that digital innovation that we use in other portions of the enterprise within cybersecurity.

As DX acceleration continues, identity and zero trust need to be central in all business decisions
The pandemic-driven shift to remote work has significantly changed how companies are investing in identity and access management capabilities and zero trust security, according to a survey from Ping Identity.

Why certificate automation is no longer just “nice to have”
As internet standards groups look to boost trust and security through new requirements for shorter certificate lifecycles and online privacy acts introduce increasingly punitive regulatory mandates, the business risks of certificate management are only increasing.

VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution (RCE) on the underlying operating system, Positive Technologies researchers have found.

Cloud security experts wanted: You can be one of them
A recent study from Boston Consulting Group and analytics firm Faethm has attempted to predict how digitization and technology will upend labor markets in Australia, Germany, and the United States in the next decade, and has concluded that labor shortfalls will be considerable.

Nearly 40% of new ransomware families use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure.

How do I select a bot protection solution for my business?
To select a suitable bot protection solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

3 steps to meeting data privacy regulation compliance through identity programs
As challenging as 2020 was, it provided invaluable lessons that security and identity teams can apply as best practices for enterprises to adhere to regulatory and compliance standards, such as the CPRA and the GDPR.

The importance of a zero trust-based approach to identity security
97 percent of senior security executives say attackers are increasingly trying to steal one or more types of credentials, a CyberArk survey reveals.

How much of the data created and replicated should be stored?
The amount of data created and replicated experienced unusually high growth in 2020 due to the dramatic increase in the number of people working, learning, and entertaining themselves from home, according to IDC.

93% of consumers concerned about data security when filling out online forms
Source Defense provides in-depth analysis of the client-side threat landscape and specific attacks like formjacking, Magecart and web browser threats.

Stop using your employees as scapegoats: Change their behavior
Remote workforces pose new challenges for organizations, with the largest issue centered around fortifying the security of at-home workers.

5 key cybersecurity risks in 2021, and how to address them now
There are 5 areas businesses must plan for in their 2021 cybersecurity strategy in order to minimize risks.

Want to get around a CAPTCHA? That’ll be 0.00094c, please
CAPTCHAs are the most visible technique used by online businesses to differentiate between real customers and bots. Unfortunately, it’s a technology that’s under threat from a very old technology: outsourced manual labor.

How to avoid 4 common zero trust traps (including one that could cost you your job)
According to the National Security Agency’s guidance released on February 26, 2021, there are four key aspects of a zero-trust mindset.

Death, taxes, and hacks: How to prevent cyberattacks during tax season
Nearly 92 percent of U.S. taxpayers are now opting to electronically file returns. So what could possibly go wrong?

How well have remote workers adapted one year on?
Remote workers are still struggling with distracting working environments, stress and an ‘always-on’ culture after a year of working from home, an Egress research has revealed.

Lack of IT-OT collaboration holding back smart factory security projects
61% of manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk, according to a Vanson Bourne survey of 500 IT and OT professionals in the United States, Germany and Japan.

New infosec products of the week: April 2, 2021
A rundown of the most important infosec products released last week.

More about

Don't miss