Week in review: Microsoft Teams risks, open-source dependencies, DNS’s role in network security

Here’s an overview of some of last week’s most interesting news and articles:

Data sharing in a smart city: Choosing the right approach
To achieve a true smart city and improve the quality of life for citizens, it should be a citywide effort. This entails sharing data for collaboration and coordination between previously disconnected people and organizations, including both public and private entities.

How do I select a unified endpoint management solution for my business?
To select a suitable UEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

The 6 steps to implementing zero trust
Here is a simple, six-stepped, repeatable process that can help organizations adopt a zero trust security model.

The role DNS plays in network security
New EfficientIP and IDC research sheds light on the frequency of the different types of DNS attack and the associated costs for the last year throughout the COVID-19 pandemic.

New Google tool reveals dependencies for open source projects
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting.

Beware of “Ransomware system update” emails!
Emails referencing the Colonial Pipeline ransomware attack and looking like they’ve been sent from the corporate IT help desk have been hitting employees’ inboxes and asking them to download and run a “ransomware system update.”

Organizations leveraging Microsoft Teams exposed to potential risk
75% of organizations deployed Microsoft Teams without proper governance or security in place, leaving them vulnerable to internal and external threats.

Defending the COVID-19 vaccine rollout with best practices from the cybersecurity industry
All over the world, COVID-19 vaccines have created a complex nexus of converging social, economic, and cultural forces, resulting in the need to address multi-faceted threats. In this two-part series, we’ll examine the different types of security threats facing our global vaccination efforts and what our government and private industries can do to protect them, starting with cybersecurity.

What happens to email accounts once credentials are compromised?
Agari researchers entered unique credentials belonging to fake personas into phishing sites posing as widely used enterprise applications, and waited to see what the phishers would do next with the compromised accounts.

The future of FISA
Current events such as the recent Colonial Pipeline ransomware attack and the continuing and increasing threats of cyber and other foreign terrorism have made it clear that FISA is more necessary than ever.

Digital criminals turn toward vaccines to capitalize on COVID-19
Cybercriminals continue to capitalize on the hysteria and worry caused by COVID-19, both in the physical sphere and digital ecosystem, exploiting the significant global unmet demand for vaccines.

Mitigating third-party risks with effective cyber risk management
Because systems are so interconnected and third parties often hold sensitive information or have access to a partner’s systems, they can also be the weak link in the cybersecurity chain.

June 2021 Patch Tuesday: Microsoft fixes six actively exploited zero-days
Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days.

Most mobile finance apps vulnerable to data breaches
77% of financial apps have at least one serious vulnerability that could lead to a data breach.

54% of all employees reuse passwords across multiple work accounts
Yubico released the results of a study into current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era.

Unauthorized access accounts for 43% of all breaches globally
There has been a 450% surge in breaches containing usernames and passwords globally, according to a ForgeRock report. Researchers also found unauthorized access was the leading cause of breaches for the third consecutive year.

Enhancing cyber resilience: What your team needs to know
In the wake of malicious attacks, we often witness everyone focusing on searching for those responsible, as opposed to how or why the attack took place and the most critical lessons that we can learn as a result. This line of thinking is wrong and here’s why.

For CISOs and artificial intelligence to evolve, trust is a must
Artificial Intelligence (AI) is no longer the future – it is already in use in our homes, cars, and, often, our pockets. As the technology continues to expand its role in our lives, an important question has emerged: what level of trust can—and should—we place in AI systems?

Reformulating the cyber skills gap
There is a growing appetite for reform in cybersecurity training, particularly among higher education institutions.

The evolution of cybersecurity within network architecture
A decade ago, security officers would have been able to identify the repercussions of an attack almost immediately, as most took place in the top-level layers of a system, typically through a malware attack. Now however, threat actors work over greater lengths of time, with much broader, long-term horizons in mind.

Keeping pace with evolving code signing baseline requirements
Although software signing processes and not a code signing certificate caused the SolarWinds incident, its impact has helped motivate the industry to strengthen code signing certificates with larger keys, to create signatures that will stay secure well into the future.

Biden’s plan for strengthening US cybersecurity is too soft
Biden’s plan is a good first step but is missing a critical component: secure hardware.

Quantum computing is imminent, and enterprises need crypto agility now
While quantum computing will lead to advancements that we cannot yet predict, it will also undoubtedly cause challenges for enterprises and their ability to secure information and communications.

How can companies prioritize contact center security?
One of the biggest mistakes an organization can make is to not have the same security controls or posture in place for their contact center or CCaaS as they do for other applications.

New infosec products of the week: June 11, 2021
A rundown of infosec products released last week.

Don't miss