Week in review: Realtek chips vulnerabilities, NAS devices under attack, security teams burnout

Here’s an overview of some of last week’s most interesting news, articles and interviews:

NAS devices under attack: How to keep them safe?
Network-attached storage (NAS) devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber criminals.

65 vendors affected by severe vulnerabilities in Realtek chips
A vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems and other network devices.

Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372)
A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered. Further attacks are possible depending on the functionality exposed by a device.

How do I select a CPaaS solution for my business?
To select a suitable CPaaS solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection
An unpatched vulnerability in the management interface for FortiWeb, Fortinet’s web application firewall, could allow a remote, authenticated attacker to execute arbitrary commands on the system, Rapid7 researcher William Vu has discovered.

Houdini malware returns, enterprise risk assessment compromised by Amazon Sidewalk
Cato Networks announced the results of its analysis of 263 billion enterprise network flows between April and June 2021. Researchers showed a novel use of Houdini malware to promote the spoofing of a device.

Phishing attacks increase in H1 2021, sharp jump in crypto attacks
Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high volume in May.

Even the US president wants zero trust: Here’s how to make it a reality
President Biden’s executive order on improving the nation’s cybersecurity requires agency heads to develop a plan to implement a zero-trust architecture to effectively mitigate cyber risk.

Where do we stand when it comes to multi-cloud maturity?
In this interview with Help Net Security, Melissa Sutherland, Senior Vice President at Booz Allen Hamilton, talks about multi-cloud maturity, cloud migration strategies, as well as the evolution of the cloud in the near future.

The warning signs of burnout and how to deal with it
Burnout is the word used to describe acute exhaustion when your work becomes overwhelming and too stressful. It can lead to poor performance, absenteeism, or resignations. It is a real problem in many industries, but it’s hugely prevalent in information security because of the long hours and high pressure.

T-Mobile data breach: Industry reactions
T-Mobile is investigating a claim that as many as 100 million accounts may have been compromised in a data breach.

How to foster collaboration with the IT team for a successful zero trust implementation
The conversation surrounding deploying a zero trust strategy continues to gain importance following the announcement of President Biden’s recent Executive Order, which requires federal agencies to create a plan for adopting this security architecture. As more businesses in the private sector examine how to implement this prominent security policy effectively, questions remain on how to mitigate challenges and ease the difficulty of its deployment, use, and management.

Cybersecurity is top priority for enterprises as they shift to digital-first operating models
90% of enterprises are yet to achieve their digital-first goals, with 49% admitting that cybersecurity is the top priority for their business, a Tata Communications report reveals.

How building a world class SOC can alleviate security team burnout
For security leaders, building a mature Security Operations Center is about establishing robust processes that bring teams and technology together for success. Yet many SOC teams are stuck fighting fires without the time, staff, resources, or visibility they need to operate effectively.

Demand for data is growing, but so are data supply chain challenges
Data suppliers are unable to efficiently deliver relevant data to a growing number of data consumers, according to a 451 Research survey.

Collaboration is the key to protecting critical national infrastructure
Concern around protecting critical national infrastructure (CNI) is growing. Following several high-profile attacks and growing tensions around state sponsored cyber activity, the threat landscape is only likely to intensify. Ransomware has especially been top of mind in recent months because of several headline-grabbing stories.

Most employees reusing personal passwords to protect corporate data
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet 53% admit to not always using one.

The 3 Rs of visibility for any cloud journey
Dealing with an incident requires not just prompt notification of the incident, but also the ability to triage its cause, carry out forensics, identify what other systems, users, devices and applications have been compromised or impacted, and determine the magnitude or impact of the incident, the duration of the activity that led to it, and many other factors.

SMEs awareness of GDPR is high, but few adhere to its legal requirements
85 percent of the small- to medium-sized enterprises (SMEs) in the UK are familiar with GDPR, but more than half are still not cleaning their data and therefore not adhering to the GDPR’s legal requirements, a REaD Group survey reveals.

Zero trust network access: A safe journey to a better employee experience
Trust is a foundational element of society. When engaging in any social or commercial interaction, we need to be able to trust the people we deal with. And yet, one of today’s most intensely discussed IT security concepts is zero trust network architecture. It might seem like a paradox, but zero trust is the path to a more secure and a more employee-friendly way of interacting with corporate apps and data.

(ISC)² guide to continuing professional education
(ISC)² offers a wide variety of development activities to help you stay ahead of evolving trends and keep skills sharp. We understand that your time is valuable, so we’ve created enriching activities with flexible options to fit your busy schedule.

New infosec products of the week: August 20, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from FireEye, SailPoint, FORESEE, Digital Guardian and GrammaTech.



