Here’s an overview of some of last week’s most interesting news, articles and interviews:
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Microsoft has warned.
September 2021 Patch Tuesday forecast: It’s new operating system season
Microsoft has released Server 2022 and Windows 11 is coming in October. Apple also has the beta available for the next version of macOS. But let’s start by focusing on a new Office vulnerability before next week’s Patch Tuesday.
Researchers pinpoint ransomware gangs’ ideal enterprise victims
Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground (dark web) marketplaces made by threat actors looking to buy access to organizations’ systems, assets and networks, and have found that at least 40% of the postings were by active participants in the ransomware-as-a-service (RaaS) supply chain (operators, or affiliates, or middlemen).
The healthcare cybersecurity market to grow steadily by 2026
The healthcare cybersecurity market registered a CAGR of 15.6% over the forecast period 2021 – 2026, according to ResearchAndMarkets.
OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library.
Protecting your company from fourth-party risk
In a world that is becoming ever more interconnected, organizations are learning firsthand that they are not only vulnerable to the adverse events that their vendors experience but also to the incidents that happen to those vendors’ vendors.
Healthcare cybersecurity under attack: How the pandemic affected rural hospitals
In this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture.
Consumers satisfied with mobile security, yet account privacy and protection concerns remain
More than half of wireless subscribers polled were extremely or somewhat satisfied with the security offered by their mobile operators, according to a mobile security survey released by Global Wireless Solutions (GWS).
A zero-trust future: Why cybersecurity should be prioritized for the hybrid working world
The pandemic has had a significant impact on the way we work, and one of our recent research studies found that nearly 65% of companies expect some or all their workforce to remain remote indefinitely. Unfortunately, last year’s sudden transition has created numerous cybersecurity challenges for businesses as they attempt to adjust to this new way of working.
Ransomware attacks increased by 288% in H1 2021
Analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT) has highlighted the growing threat of ransomware around the world.
3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortage
Enterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill. Fortunately, there are several security best practices enterprises can follow that don’t require them to have an in-house cybersecurity expert.
Enterprising criminals are selling direct access to cloud accounts
The rapid shift of applications and infrastructure to the cloud creates gaps in the security posture of organizations everywhere. This has increased the opportunities for cybercriminals to steal data, take advantage of an organization’s assets, and to gain illicit network access.
How getting a CISSP can change the course of a career
In this interview with Help Net Security, May (Maytal) Brooks-Kempler, CEO at Helena, talks about her CISSP journey. Seven years ago she passed the CISSP exam, and today she teaches a CISSP course based on materials she co-authored.
Enterprises are missing the warning signs of insider threats
The report surveyed a global pool of 1,249 IT and IT security practitioners and found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack.
The age of AI-powered devices at the edge
The vast amount of data constantly collected by the billions of sensors and devices that make up the IoT can pose a serious processing challenge for businesses that rely on traditional intelligence and analytics tools.
39% of all internet traffic is from bad bots
Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.
How do I select a container security solution for my business?
To select a suitable container security solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Traditional SIEM platforms no longer meet the needs of security practitioners
Panther Labs released the findings from their report which surveyed over 400 security professionals who actively use a SIEM platform as part of their job, including CISOs, CIOs, CTOs, security engineers, security analysts, and security architects, to gain insight into their current SIEM challenges, frustrations, and desires when it comes to capabilities.
Securing your WordPress website against ransomware attacks
These five tips are all centered on preventative measures to safeguard your WordPress website. Unfortunately, even the most secure websites that follow all the rules can fall victim to attackers.
Ransomware attacks: The power of adaptation
In this interview with Help Net Security, David Taylor, managing director, Incident Response, Technology Consulting at Protiviti, explains why ransomware attacks are so common and effective, what makes organizations vulnerable to such attacks and what they can do to better protect themselves.
Crypto exchanges and their customers must protect themselves as attacks continue
Within the past several years, cryptocurrency has gone from a niche hobby to a mainstream concern. Cryptocurrencies like Bitcoin, Ethereum, and even Dogecoin have generated widespread interest, particularly as their value has risen. This interest has penetrated well beyond financial speculators and into the public at large.
The role of automation in staying on top of the evolving threat landscape
In this interview with Help Net Security, Dr Shreekant Thakkar, Chief Researcher, Secure Systems Research Centre at TII, talks about the ever evolving threat landscape and how automation could improve the way organizations detect and respond to attacks.
Top tips for preventing SQL injection attacks
SQL injection is one of the most dangerous and most common vulnerabilities, but fortunately there are several best practices developers can follow to ensure there are minimal chinks in their armor.
The impact of ransomware on cyber insurance driving the need for broader cybersecurity knowlege
In this interview with Help Net Security, Odin Olson, VP of Alliances for Arctic Wolf, talks about the impact of ransomware on cyber insurance and the connection between security operations and the insurance industry.
When a scammer calls: 3 strategies to protect customers from call spoofing
Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. One analysis estimated that Americans lost nearly $29.8 billion from phone scams in 2020, more than double the amount lost from the previous year.
Report: The State of Password Security in the Enterprise
A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method.
New infosec products of the week: September 10, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from Attivo Networks, Code42, Commvault, ForgeRock and IPKeys Power Partners.