Here’s an overview of some of last week’s most interesting news, articles and interviews:
Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958).
World Health Organization CISO suggests a holistic approach to cybersecurity
In this interview with Help Net Security, Flavio Aggio, CISO at the World Health Organization, talks about the modern threat landscape and offers tips for organizations that want to increase their security posture.
Sharing knowledge and moving towards securing all the things!
In this interview for Help Net Security, Tanya Janca, CEO of We Hack Purple, talks about her path in the industry, skill development, infosec certifications, as well as key challenges for the cybersecurity industry.
Adobe fixes security holes in Magento, most of which are critical
Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect.
Firefox 91 delivers new security and privacy options
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option.
Can XDR bring the kill chain back to its roots?
XDR was designed to unite all the traditionally siloed security systems that each look only at one portion of the attack surface or infrastructure, integrate their data, and correlate it so that an in-progress attack can be found early and curtailed.
How to prepare for Apple’s Mail Privacy Protection
Earlier this summer, Apple held its Worldwide Developers Conference (WWDC21) and announced Mail Privacy Protection as a feature that will be delivered with its iOS 15 software update. This news subsequently raised eyebrows for marketers and, in particular, with email marketers. Why?
Cybersecurity is hands-on learning, but everyone must be on the same page
In this interview with Help Net Security, Amanda L. Joyce, Group Leader, Strategic Cybersecurity Analysis & Research, Argonne National Laboratory, offers her unique perspective on the modern information security landscape.
Most organizations are at an elevated risk of attack
The risk of cyberattacks has increased in the last year. According to a Trend Micro survey, 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months.
Why ransomware is such a threat to critical infrastructure
Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure have little to do with the scope of the risk; ransomware is just as much of a threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.
SMBs increasingly vulnerable to ransomware, despite the perception they are too small to target
Acronis released a report which gives an in-depth review of the cyberthreat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.
Ransomware and cyber insurance: What are the risks?
High-profile ransomware events, such as the Colonial Pipeline and Kaseya attacks, continue to create eye-popping headlines about how easily a cybercriminal group can cripple key infrastructure, hospitals, and schools. And with ransomware attacks growing by more than 150% in 2020, there are no signs that things will improve in 2021.
Risky business: Steps for building an effective GRC program
To ensure organizations are prepared to weather the storm of regulations on the horizon, they need to build a GRC program that is compliant by design. An effective GRC program must do more than focus on security; it also needs to meet privacy, business, and IT requirements.
The challenges healthcare CISOs face in an evolving threat landscape
Organizations in the healthcare sector – and especially those engaged in delivering healthcare services – have always been juicy targets for cyber attackers. But while in the past they were mostly after patients’ personal, health and financial data these organizations store to be able to provide services, the advent of ransomware has dramatically changed the threat landscape they must face.
Zero trust: Bringing security up to speed for the work-from-anywhere age
The Internet Age has changed so much of how we live and work. We have become accustomed to buying goods online with a few clicks and having them delivered overnight, and our work lives have become faster, more flexible, and more mobile. And yet, many businesses still adhere to the ancient “castle and moat” approach of securing their digital business and workforce. It’s high time to bring security architecture into the modern age, and zero trust is designed to enable exactly that.
Stop the breaches! Four steps to minimize security risks
C-suite executives must show leadership in driving a security culture to ensure that their company can resist most – hopefully all – of those breaches. Companies must do their due diligence and appoint a highly trained security team to monitor and protect their data according to industry best practices, using tools that can help prevent, detect, mitigate, and eradicate threats.
Cyberattacks on the rise, organizations increasingly interested in defensive technologies
Cyberattacks against enterprise infrastructure are on the rise in the U.K. as digital transformation expands the digital footprints—and the potential attack surfaces—of many organizations, according to a report published by Information Services Group (ISG).
Connected devices increasingly at risk as new ransomware attacks are reported almost daily
Ordr released a report on the state of connected devices. The 2021 study addresses pandemic-related cybersecurity challenges, including the growth of connected devices and the related increase in security risks from these devices as threat actors took advantage of the chaos to launch attacks.
The evolution of identity-first security
Earlier this year, Gartner named identity-first security as one of the top security and risk management trends for 2021. Companies have been moving away from traditional LAN edge approaches, and now identity lies at the center of security strategies.
Security matters when the network is the internet
As more workloads and key data assets move to the cloud, and work from home becomes a more common reality, the private network has become more of a security overlay on the public internet than a separate entity, putting security front and center in the “future / modernized network” discussion.
Elevating cyber resilience and tackling government information security challenges
Esti Peshin, VP, General Manager, Cyber Division, Israel Aerospace Industries (IAI), recently spoke at Cyber Week 2021 in Tel Aviv, and in this interview with Help Net Security, she discusses national defense and security challenges, as well as developing technologies and systems resilient to cyber attacks.
A remedial approach to destructive IoT hacks
As of this year, there are more than 10 billion active IoT devices all over the world, many of which are deployed in enterprises. Keeping those devices secure is of the utmost importance, lest they become a way in for attackers, so it’s imperative that organizations institute IoT security practices that remediate vulnerabilities and better protect the network – by identifying and securing every “thing”. The main challenge lies in the fact that most companies aren’t aware of the spread of devices connected to their network.
Allstar app helps enforce security best practices for GitHub projects
Google and the Open Source Security Foundation (OpenSSF) have released Allstar, an app that allows organizations / owners of GitHub repositories to set up security policy expectations for GitHub projects and to make sure that these policies are adhered to.
Report: The State of Pentesting 2021
In The State of Pentesting 2021 report we dive into data from 1,602 pentests performed in 2020 on Cobalt’s Pentest as a Service (PtaaS) platform.
Product showcase: Preventing video piracy with VdoCipher
VdoCipher ensures that premium videos are not downloadable using any plugins, tools, hacks, etc. This is implemented via DRM-based video encryption, since video DRM offers strong protection against video piracy. VdoCipher is a direct license partner for Google Widevine DRM and also provides integration for Apple FairPlay DRM.
New infosec products of the week: August 13, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from NETGEAR, McAfee, Sectigo, Arcserve and Threat Stack.