Here’s an overview of some of last week’s most interesting news, articles and interviews:
October 2021 Patch Tuesday forecast: Halloween came early this year
Halloween is not until the end of the month, but there has already been a lot of scary activity leading up to this patch Tuesday. PrintNightmare and Apple zero-days are just a few that have made the news.
Security and trust in software remains top priority for buyers
Faster decision making, credit card transactions instead of negotiated contracts, and the near-ubiquitous use of peer review sites are all part of the new normal in enterprise software purchasing, which increasingly resembles B2C buying behavior, a G2 study reveals.
Researchers discover ransomware that encrypts virtual machines hosted on an ESXi hypervisor
Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor. The report details a sniper-like operation that took less than three hours to progress from breach to encryption.
Do you have a plan for your cybersecurity career? Time to skill up!
Gerald Auger is a Managing Partner at Coastal Information Security Group, and Chief Content Creator at Simply Cyber. In this interview with Help Net Security, he talks about the cybersecurity skills shortage, the value of certification, as well as “Cybersecurity Career Master Plan”, a book he co-authored.
Domain security remains an underutilized component to curb attacks
Despite the shift to modernize business environments and operations among the Global 2000 companies, web domains remain dangerously under protected, according to CSC.
How collaboration between IT pros and senior leaders could drive the future of risk mitigation
What is an acceptable level of risk for IT pros and their organizations? The answer to this question has changed in recent years, with the threat landscape shifting dramatically both due to global events and the increasing sophistication of the attacks deployed by cyber hackers.
The cybersecurity issues organizations deal with remain complex and numerous
New thinking on cybersecurity policies, processes, people and products are necessary for organizations to reverse perceptions, and perhaps realities, that they are falling behind in their preparedness, according to a new report from CompTIA.
Critical infrastructure IoT security: Going back to basics
In this interview with Help Net Security, James Carder, CSO & VP of Labs at LogRhythm, talks about critical infrastructure IoT security, the vulnerabilities that are plaguing this type of technology, and how to tackle the growing number of cybersecurity threats.
How CISOs plan to accelerate the adoption of automation
ThreatQuotient released the State of Cyber Security Automation Adoption in 2021, new research focused on understanding the importance, challenges and trends facing businesses and their CISOs when it comes to IT security systems automation.
Combating vulnerability fatigue with automated security validation
The introduction of log monitoring (e.g., SIEM), firewall, and AV technologies over two decades ago provided valuable tools for IT teams to be alerted to known suspicious network behavior. However, as time goes by and digital transformation is at a record high, the underlying technologies supporting security teams on their day-to-day operation have not changed.
Large ransom demands and password-guessing attacks escalate
ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cybersecurity research.
Which technologies can help legal and compliance teams navigate a changing landscape of risk?
In this interview with Help Net Security, Zack Hutto, Director of Advisory Services at Gartner‘s Legal and Compliance Practice, talks about the challenges legal and compliance teams are facing and the technologies that can help them.
ATO attacks increased 307% between 2019 and 2021
Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns.
Five proven techniques for building effective fraud management
Whether you’re a small company or a large, multinational organization, you’re not immune to the repercussions of fraudulent activity. Fraud can have a financially negative impact on an organization and can erode the trust of current and future customers, as well as investors in a company.
91.5% of malware arrived over encrypted connections during Q2 2021
The latest report from the WatchGuard shows an astonishing 91.5% of malware arriving over encrypted connections during Q2 2021. This is a dramatic increase over the previous quarter and means that any organization that isn’t examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware.
Electronic warfare: The critical capability of dominating the electromagnetic spectrum
In this interview with Help Net Security, Nick Myers, Director of Business Development, Electronic Combat Solutions at BAE Systems, talks about the evolution of electronic warfare, how it works, and why it’s important to invest in such technology.
Obstacles and threats organizations face when protecting AD
Attivo Networks announced the availability of a research report conducted by Enterprise Management Associates (EMA) which focuses on Active Directory (AD), exploring the obstacles and threats organizations face when protecting AD and how they adapt to address these growing concerns.
For adapting to new cloud security threats, look to “old” technology
While there is a time and place for onboarding additional cloud security solutions, it can also be easy to fall prey to the shiny object syndrome surrounding emerging solutions that are created in response to new security threats. Before rushing to invest in a new solution, however, remember that matching additional solutions to emerging threats in a one-to-one game of whack-a-mole is not a sustainable strategy.
Cybersecurity best practices lagging, despite people being aware of the risks
The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviors ahead of Cybersecurity Awareness Month this month.
(ISC)² goes to school: CISSP preparation and training as part of a specialist study
In this interview with Help Net Security, Renata Mekovec, Associate Professor and Head of the postgraduate specialist study Information Systems Security Management and Auditing at the Faculty of Organization and Informatics (University of Zagreb), talks about what the specialized study offers to information security professionals and the Faculty’s collaboration with (ISC)² to deliver CISSP preparation and training.
Digital key builds on past practices to create a more secure future
Too often, we assume that new technology replaces the old, but technology often builds off past generations, ideas, and success, rather than abandoning it altogether. Some people may not realize that past technologies are foundational to new technology, as is the case with Bluetooth.
Finding the right mix: Leveraging policy and incentives to improve healthcare cybersecurity
When businesses are hit by a cyberattack, it can mean a disruption in operations, lost revenue and customer dissatisfaction because their personal information is exposed. But for the healthcare sector, the impact is far greater; cyberattacks can be a matter of life or death.
Infosec products of the month: September 2021
Here’s a look at the most interesting product releases from September, featuring releases from Attivo Networks, Absolute, Anomali, Alation, Citrix, Cloudflare, Cyware, Code42, Commvault, CoSoSys, Druva, DataDome, deepwatch, Elastic, Fugue, ForgeRock, Hornetsecurity, IPKeys Power Partners, IDrive, McAfee, Nutanix, Palo Alto Networks, Query.AI, Qualys, Red Sentry, Stairwell, ThreatConnect and Titania.
New infosec products of the week: October 8, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from Abnormal Security, Pradeo, Qualys, Semperis and Swimlane.