Week in review: Kali Linux 2021.2, the human cost of understaffed SOCs, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Kali Linux 2021.2 released: Kaboxer, Kali-Tweaks, new tools, and more!
Offensive Security has released Kali Linux 2021.2, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

June 2021 Patch Tuesday forecast: Patch management is back in the spotlight
Every day you look in the security news, there are reports of new ransomware attacks. Just after May Patch Tuesday we heard about the Colonial Pipeline attack, and this week JBS USA, a major beef producer, was attacked as well.

How do I select a data analytics solution for my business?
To select a suitable data analytics solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

The human cost of understaffed SOCs
SOC and IT security teams are suffering from high levels of stress outside of the working day – with alert overload a prime culprit, a Trend Micro study reveals.

Best practices for securing the CPaaS technology stack
Like everything that’s connected to the cloud, Communications Platform-as-a-Service (CPaaS) solutions are vulnerable to hacking, which increased dramatically as workforces shifted to remote and hybrid models because of the pandemic.

Malware-related attacks jump by 54%
Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks, Positive Technologies reports.

Changes in the privacy landscape through the pandemic
The pandemic has turned the way businesses operate upside down. In the rush to keep the lights on, businesses pivoted online to keep sales up and maintain customer services. But at what cost?

Cybersecurity industry analysis: Another recurring vulnerability we must correct
Cybersecurity tooling is a much-needed component of cyber defense, and tools will always have a place. Analysts have been absolutely on point in recommending the latest tools in a risk mitigation approach for enterprises, and that will not change.

Organizations have seen an increase in device encryption
32% of organizations have seen an increase in device encryption in the past year, according to a Vanson Bourne survey.

White House urges private sector to enhance their ransomware defenses
In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat.

The most important point in a cyberattack is before it happens
Let’s get the scary thing out of the way: more than half of businesses have dealt with a serious security breach in the last two years. The chances of one happening are so high that organizations need to plan for a breach. The good news, though, is there are straightforward ways of minimizing the impact before an attacker even so much as looks in the direction of your organization.

Rethinking SIEM requires rethinking visibility
SIEM was created over fifteen years ago to integrate security data for providing real-time analysis of security alerts generated by applications and network hardware. Admittedly, there was too much reliance on log data and not a complete enough representation from all parts of the attack surface or assets being protected, but SIEMs have provided significant value.

Quantum computing: How should cybersecurity teams prepare for it?
Whilst all quantum benefits are only theorized at this stage in the technology’s development, smart organizations will be adapting their strategy over the coming years to account for a quantum future.

Making transparency a norm in cybersecurity
The general lack of transparency around cybersecurity continues to be one of the largest factors holding back the combined ability of the public and private sector to truly defend against the impact of cyberattacks.

Adapting the network for a remote working future
Many organizations have concluded that flexible remote working will be a mainstay for the foreseeable future, but even those that can’t or won’t embrace a remote or hybrid strategy will need to ensure they can weather a storm like the COVID-19 pandemic again.

EUCC receives first EU cybersecurity certification scheme
In July 2019, the EUCC was the first candidate cybersecurity certification scheme request received by the EU Agency for Cybersecurity (ENISA) under the Cybersecurity Act.

The power of positive reinforcement in combating cybercriminals
Funnily enough, humans aren’t too different from dogs when it comes to changing a behavior for the better. One of the most powerful leadership tools is positive reinforcement — a proven and effective method for shaping and changing behavior.

Critical vulnerabilities identified in CODESYS ICS automation software
Researchers have identified 10 vulnerabilities in CODESYS automation software for industrial control systems. Some are of high and critical severity.

A CISO’s Guide: Mitigating the Human Risk Factor
Verizon’s 2021 data breach report shows phishing is responsible for the vast majority of breaches and Business Email Compromises were the second most common form of social engineering. Hackers tap into human cognitive biases to sway users’ decisions based on irrelevant or misleading information. Download this guide to better understand what makes users click when they shouldn’t.

Reimagining enterprise cryptography: How to regain control in a fragmented environment
Cryptography has been on a significant journey over the past two decades. Its role in securing the digital world of 20 years ago was very different to its role in the modern enterprise. Today, it is understood that attackers are everywhere, and we cannot rely on a strong perimeter to keep them out.

It’s time to stop ransomware in its tracks
Only 16% of organizations have reported no security incident types related to phishing and ransomware in the past 12 months. That’s according to a survey done by Osterman Research. For most of us, though, phishing, particularly ransomware, has become an all-encompassing worry.

Helping security teams respond to gaps in security and compliance programs with Qualys CSAM
In this interview with Help Net Security, Edward Rossi, VP, Product Management, Asset Inventory and Discovery at Qualys, talks about how the solution enables security professionals to see the entire picture of their assets – from inventory to detection to response.

CIS Community Defense Model v2.0 is coming this summer
Changes and advances in technology (and changes in workplace circumstances) have prompted a revamp of the CIS Community Defense Model (CDM).

More about

Don't miss