Week in review: ProxyShell and Realtek SDK vulnerabilities exploitation, automated pentesting

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)
Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices.

ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency (CISA) warned.

Things that are easy to miss in the race towards hybrid working and the cloud
The mega-trend towards hybrid working and cloud migration seems unstoppable. But customer service organizations could find their wheels come off if they fail to address a hazardous twist in the transformation journey.

The impact of eCommerce fraud on retailers and shoppers
There’s a stark disconnect between retailers and shoppers on the matter of eCommerce fraud, Riskified reveals.

Checking for misconfigurations isn’t enough
Massive amounts of data are potentially vulnerable due to misconfigurations and, according to recent research, 32 percent of cloud professionals think misconfigurations will rise within the next year.

Key email threats and the high cost of BEC
Area 1 Security published the results of a study analyzing over 31 million threats across multiple organizations and industries, with new findings and warnings issued by technical experts that every organization should be aware of.

How do I select an automated red teaming solution for my business?
To select a suitable automated red teaming solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

ICS vulnerabilities disclosed in H1 2021 rose by 41%
Industrial control system (ICS) vulnerability disclosures are drastically increasing as high-profile cyberattacks on critical infrastructure and industrial enterprises have elevated ICS security to a mainstream issue, according to a report released by Claroty.

Why automated pentesting won’t fix the cybersecurity skills gap
The security talent gap is not getting any smaller and people are coming up with some outlandish ideas for closing it. The latest one is automated penetration testing – the idea is that we can somehow create bots that will probe enterprise defenses and uncover vulnerabilities. Here’s the thing though – that’s the antithesis of what pentesting is.

58% of IT leaders worried their business could become a target of rising nation state attacks
HP Wolf Security released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business.

Vulnerability management is facing three core problems: Here’s how to solve them
Vulnerability management – when executed correctly – takes a big picture approach where all aspects work harmoniously to reduce risk to business-critical assets. That is the goal for which we should all strive.

IoT market to reach $1.5 trillion by 2027, security top priority
Driven by increased adoption of smart sensors integrated into connected devices, the Internet of Things (IoT) market segment is projected to reach $1.5 trillion by 2027.

Hybrid work: How do you secure every identity on your network?
In this interview with Help Net Security, Ben King, Chief Security Officer EMEA / APAC, Okta, talks about the authentication challenges related to hybrid working environments, the state of passwordless authentication, and much more.

22% of cybersecurity incidents in H1 2021 were ransomware attacks
Ransomware attacks made up 22% of all reported cybersecurity incidents in the first half of 2021, according to recent analysis by CybSafe.

Your data, your choice
In 2021, “personal data” is anything but “personal”. We don’t own our personal data and we have limited control over what happens to it. Currently, the onus of responsibility on how to use, protect, sell and leverage our personal data lies with big companies and government institutions.

40% of SaaS assets are unmanaged, putting companies at risk for data leaks
DoControl announced a report which provides data-driven insights into the growing number of external and insider threats due to vast amounts of unmanageable data in today’s enterprises. Based on customer data, the findings clearly illustrate there is a magnitude of SaaS data exposure, with 40% of all SaaS assets unmanaged, providing internal, external and public data access.

What is the HIPAA Security Rule? Three safeguards to have in place
Two notable rules were added to HIPAA: the Privacy Rule, to help cover the physical security of PHI, and the Security Rule, to safeguard electronic protected health information (ePHI).

Coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021
Trend Micro released research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.

How to make email safe for business
In this interview with Help Net Security, Dave Wreski, CEO at Guardian Digital, talks about modern email threats and offers protection advice for organizations.

Cybersecurity market soaring as threats target commercial and govt organizations
Over the past year, it’s been impossible to ignore the rising tide of threats targeting government and commercial organizations around the world, and the cybersecurity market is reacting.

Three reasons why ransomware recovery requires packet data
While the key component of recovery is maintaining and testing backups of critical data, one aspect of recovery that’s often overlooked is having access to the stored packet data from the lead-up to the ransomware attack and from the attack itself.

Trends in the OT/ICS security space and what’s to come
In July 2021, Armis appointed Sachin Shah, an Intel veteran of over 21 years, as its new CTO for Operational Technology (OT) and Industrial Control Systems (ICS). In this interview, he talks about his plans for the company, shares insight gleaned from spending many years in the ICS security space, and offers some predictions.

How the pandemic delivered the future of corporate cybersecurity faster
Regardless of how remote their workforce is, businesses need to evolve to keep up with threat actors who continually ratchet up their attacks both in terms of sophistication and ruthlessness. Securing the modern office will require a fresh approach.

Kubescape helps admins manage Kubernetes securely
Kubescape is an open-source tool for testing if Kubernetes is deployed securely, as defined in the recently released Kubernetes Hardening Guidance by NSA and CISA.

Why you need to make Microsoft 365 a 24/7 security priority
It’s easy to take advantage of the Microsoft 365 service, but are you taking the steps to properly secure all the data your company is storing inside of it?

eBook: The Psychology of Cyber
In this eBook, we explore the psychology of effective crisis response and take a deep dive into micro-drilling. Most importantly, you’ll learn how to use it to power up your incident response teams.

How Avanan helps you reduce phishing and ransomware
How does ransomware begin? According to a new report from Palo Alto Networks, the answer is primarily through email. The report shows the top arrival protocols for ransomware. The most significant vector is SMTP, at 45%, followed by IMAP at 26.5%. When combined with POP3 (3.8%), you get the following: 75.3% of ransomware attacks arrive via email.

New infosec products of the week: August 27, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from ARMO, Palo Alto Networks, Guardicore, Radiflow and Ermetic.



