Here’s an overview of some of last week’s most interesting news, articles and interviews:
Phishers are targeting Office 365 users by exploiting Adobe Cloud
Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns.
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server (CVE-2022-21907).
A new multi-platform backdoor is leveraged by an advanced threat actor
A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021.
When it comes to banking security, there’s no silver bullet
In this interview with Help Net Security, Ido Helshtock, Chief Product Officer at HUB Security, talks about banking security, the most common vulnerabilities, and what banks can do to protect their own as well as their customers’ assets.
Detect and identify IoT malware by analyzing electromagnetic signals
Electromagnetic (EM) emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven.
How to improve your IR tabletop exercises and why you really should?
In this interview with Help Net Security, Curtis Fechner, engineering fellow at Optiv Security, explains the function of incident response tabletop exercises and how they can help reduce an organization’s overall cyber risk by keeping it prepared for a real incident.
Video surveillance systems market to grow steadily by 2026
The video surveillance systems market is expected to grow at a CAGR of 10.06% over the forecast period 2021 to 2026, according to ResearchAndMarkets.
6 cloud security trends to watch for in 2022
It’s fascinating to take a step back and look at how “the cloud” developed over the last two decades. There has been a lot of innovation that has sparked a new wave of technologies – from the boom in serverless technologies (allowing firms to scale and build platforms at speeds never seen before) to the evolution of cloud automation security.
How the pandemic fueled enterprise digital transformation
The COVID-19 pandemic has accelerated enterprise digital transformation by three to five years as companies build IT ecosystems to enable growth, innovation and improved customer experiences under new conditions, according to a research report published by Information Services Group (ISG).
On-premises cloud: The worst of both worlds?
According to the latest figures from leading global tech firm ISG, investment in cloud-based services is soaring with no sign of slowing down any time soon. In Europe, for instance, investment in cloud-based services will soon account for more than half of all IT spending.
Technology-related employment still going strong, unemployment rate for IT jobs dropping to 2%
Technology-related employment and hiring opportunities continue to expand, according to an analysis by CompTIA. December’s technology employment gains bucked the generally underwhelming national employment trend.
Eight resolutions to help navigate the new hybrid office model
Continuous review and improvement are crucial for a successful security program. As this year draws to a close, it is a good time to look back on 2021 and prepare a few resolutions for the new year.
SMEs still an easy target for cybercriminals
Cybercrime continues to be a major concern, with 51% of SMEs experiencing a cybersecurity breach, a Markel Direct survey reveals.
Data security in the age of insider threats: A primer
Of course, your employees are diligent, security conscious and loyal. But the real world tells a different story. A grand total of 94% of organizations had an insider data breach in the past year, with 84% of the data breaches resulting from human error.
How safe are cloud applications?
Netskope released a research highlighting the continued growth of malware and other malicious payloads delivered by cloud applications. The year-over-year analysis identifies the top trends in cloud attacker activities and cloud data risks from 2021 as compared to 2020, and examines changes in the malware landscape throughout 2021, highlighting that attackers are achieving more success delivering malware payloads to their victims and offering advice for improving security posture in 2022.
Small businesses are most vulnerable to growing cybersecurity threats
Many small and medium-sized businesses (SMBs) mistakenly assume (hope?) their size makes them a less appealing target to hackers, without realizing cyber criminals are eager to exploit the unique characteristics that make them even more vulnerable to cyber-attacks.
2022 promises to be a challenging year for cybersecurity professionals
We can make great strides towards improving cybersecurity in 2022, if we are smart and pragmatic about prioritization, risk management, and leveraging automation to help us work smarter not harder. Included in working smarter is having an automated, comprehensive, and accurate asset inventory.
Ransomware, supply chain, and deepfakes: The top threats the finance industry needs to prepare for
The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organization’s network.
The rising threat of cyber criminals targeting cloud infrastructure in 2022
In the world of cybersecurity, combating threats is like playing endless, hyper-advanced, multidimensional Whack-A-Mole: new threats are always emerging, often from unexpected sources, and trying to keep up can feel impossible.
In 2022, AI-based full-suite security is needed
In 2021, ransomware became dinner table conversation. Not only were cybersecurity leaders focused on the ransomware pandemic, but also the general population learned the perils of ransomware. It’s a consistent breaking news headline and daily concern implicating small-to-medium businesses and large enterprises in industries far and wide, as well as consumers.
The future of security protocols for remote work
The WFH and hybrid work models dramatically expanded potential attack avenues for cybercriminals seeking access to corporate resources and assets. The need to tighten security standards for businesses across all sectors is both severe and urgent.
Analyst guide: Encryption solutions buyers checklist
Finding ways to secure information effectively is a must. This challenge is perhaps never more pronounced than it is with email. Whether you have something in place or not, now is a good time to review what is needed by your organization and the ramifications of delivering a solution.
Audit Your Active Directory with a free, read-only scan from Specops
Did you know over 80% of breaches result from compromised passwords? Passwords are the first line of defense against cyber attacks. Check your AD for over 800 million known breached passwords.
New infosec products of the week: January 14, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Avast, CyberRes, NormCyber, SureCloud, and Zyxel.