Week in review: How to improve your AD security posture, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles:

July 2021 Patch Tuesday forecast: Don’t wait for Patch Tuesday
There’s been lots of excitement around the recently announced print spooler vulnerability CVE-2021-34527, commonly referred to as PrintNightmare. The excitement stems from the fact that this vulnerability has a CVSS score of 8.8, is present in ALL Windows operating systems, has been publicly disclosed with known exploits, and allows an attacker to easily execute remote code with system privileges.

Critical infrastructure cyberattacks signaling the importance of prioritizing security
End users are not paying attention to the major attacks plaguing operational technology and critical infrastructure across the country, signaling the importance of businesses prioritizing a focus on security as employees return to the office.

Organizations increasingly reluctant to pay ransomware demands
To better understand concerns about recent ransomware attacks, Menlo Security conducted a global poll on responses and reactions to ransomware attacks. Organizations hit by ransomware should not pay the ransom according to 79 percent of respondents.

Tor Browser 10.5 improves circumvention for Tor users in censored places
The Tor Project has brought major censorship circumvention and usability changes to the latest release of Tor Browser. The Tor team is on a mission to make Tor easier to use for everyone through user experience improvements based on research with users who face internet censorship and surveillance.

How do I select a mobile threat defense solution for my business?
To select a suitable mobile threat defense solution for your business, you need to think about a variety of factors. We’ve talked to industry professionals to get their insight on the topic.

Why are companies in the SAP S/4HANA transformation holding back?
For SAP’s estimated 35,000 ERP customers worldwide, it’s not a question of whether they will migrate to S/4HANA – but when and how. A recent study by LeanIX shows that most companies are only in the early stages of this massive transformation project. 80 percent of architects surveyed said identifying dependencies of the complex ERP landscape in the company is most frequently cited as a challenge.

Platform or roaming FIDO2 authenticators: Which one is right for your workforce?
In this article, we’ll dive into the world of FIDO2 authenticators, the problems that still exist and how these create major roadblocks for enterprises widely adopting FIDO2.

Bitcoin cyber attacks surge following rising demand and increasing price of bitcoin
Phishing impersonations and business email compromise (BEC) attacks designed to steal victims’ bitcoin surged by 192% between October 2020 and May 2021, closely following the rising demand and increasing price of bitcoin over the last eight months, according to analysis by Barracuda Networks.

Three security lessons from a year of crisis
Crime thrives in a crisis, and the coronavirus was the largest collective emergency that the world has faced for decades. While there are more heroes than villains in the coronavirus story — think of all the sacrifices doctors, nurses, and other essential workers have made and continue to make — there were also a few bad actors.

How to improve your organization’s Active Directory security posture
Active Directory (AD), a directory service developed by Microsoft for Windows domain networks, is most organizations’ primary store for employee authentication and identity management, and controls which assets / applications / systems a user has access to. This makes Active Directory a valuable target for attackers and spurs organizations to improve its security.

How can a business ensure the security of their supply chain?
The reality is that supply chain attacks are not going away. In the first quarter of 2021, 137 organizations reported experiencing supply chain attacks at 27 different third-party vendors, while the number of supply chain attacks rose 42% from the previous quarter.

3 tips for balancing data security and usability
Organizations have many challenges when it comes to cybersecurity, and one that is top of mind for many is striking the right balance between the usability of data and upholding the proper security of that data.

Cyber insurance failing to live up to expectations
A RUSI paper finds that the contribution of the insurance sector to improving cyber security practice is ‘more limited than policymakers and businesses might hope’, and recommends government and industry action.

Finding the right SD-WAN in a crowded market
Software-defined wide area networks (SD-WAN) have become a staple for large organizations, helping them better communicate and interact with each other across the globe. But despite having a smaller presence and reach, small and medium-sized businesses (SMBs) have also started to take advantage of this technology.

Cybersecurity posture confidence high, yet incidents are increasing too
There’s a complex relationship between the reported level of confidence organizations have in their cybersecurity posture and their ongoing attack volume and impact: that is, despite rising confidence, incidents are increasing, too.

What you need to know about transatlantic data transfers
After one year of post-court limbo, the European Commission published this month the finalized version of the new standard contractual clauses (SCCs) for transferring personal data from the EU to third countries. Let’s dive into what this means for tech companies and what they can do in this new era of data rights.

Worldwide wireless 5G connections reach 298 million in Q1 2021
The state of the race for the fifth generation of wireless (5G) subscriber adoption has tightened up significantly, as global wireless 5G connections for Q1 2021 reached 298 million, according to data from Omdia reported by 5G Americas.

Online brands prioritizing speed over security
Consumers around the world fear that businesses are now compromising online security in their efforts to deliver seamless digital experiences. According to research released by Trulioo, 71% of respondents living in China, the UK and the U.S. feel that online brands are now prioritizing speed over security.

Identity management and zero trust: Where to get started
After a tough year where security teams moved heaven and earth to keep their companies both productive and secure, it’s time to take stock. While some new identity management program implementations will be effective for the longer term, others will find gaps and assumptions that could lead to unnecessary risk. Reviewing your approach now should help you spot any areas where you can continue to improve and move toward a zero-trust security model.

Digital signature market to grow steadily by 2030
The global digital signature market size is expected to attain a value of $25,211.3 million in 2030, while the market will advance at a CAGR of 29.2% during 2021–2030, according to the market research report published by P&S Intelligence.

How health tech can secure patient data post-CURES Act
It’s the central conundrum at the heart of telehealth: How can patients gain access to their most vital medical records without putting privacy at risk? The question is not just one of user activity – historically, healthcare providers have been wary of providing electronic health records (EHRs) directly to patients, due to concerns related to both privacy and control.

Buyer’s guide: Questions to ask when evaluating third-party security management platforms
A comprehensive third-party security program can align your vendor’s security with your internal security controls and risk appetite. Such a program can also help you remediate risk if your vendors fall short. And the right third-party security management platform can be a smart way to get your program off the ground or automate the one you already have in place.

eBook: Active Directory Security Tips From the Experts
Active Directory is central for many companies and used to authorize access at almost every level. Due to its popularity and importance, AD is a perfect target for ‘bad actors.’ A security vulnerability could compromise an entire network infrastructure. Attackers take advantage of this and focus on weaknesses left by inexperienced administrators.



