Here’s an overview of some of last week’s most interesting news, articles and interviews:
Lapsus$ gang says it has breached Okta and Microsoft
After breaching NVIDIA and Samsung and stealing and leaking those companies’ propertary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta.
Attackers employ novel methods to backdoor French organizations
An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries.
US critical infrastructure operators should prepare for retaliatory cyberattacks
US President Joe Biden has urged companies in critical infrastructure sectors to shore up their defenses against potential cyberattacks.
Internet crime in 2021: Investment fraud losses soar
Business email compromise/email account compromise scams still have the highest financial toll on victims, but investment fraud has also lead to massive losses last year, FBI’s 2021 Internet Crime Report has revealed.
How to become a passwordless organization
In this interview with Help Net Security, Den Jones, CSO at Banyan Security, explains the benefits of implementing passwordless authentication and the process every organization has to go through when deploying such technology.
HEAT attacks: A new class of cyber threats organizations are not prepared for
Web malware (47%) and ransomware (42%) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.
Cybersecurity Red Team 101
“Red Team” is an expression coined in the 19th century, related to German military preparedness exercises conducted as realistic board games between two adversaries operating under time constraints and certain rules.
Payment fraud attack rate across fintech ballooned 70% in 2021
Sift released a report, detailing the increasingly sophisticated — and often automated — tactics cybercriminals leverage to commit payment fraud.
Why machine identities matter (and how to use them)
The migration of everything to the cloud and corresponding rise of cyberattacks, ransomware, identity theft and digital fraud make clear that secure access to computer systems is essential.
How the increase in ransomware has impacted the cyber insurance market
Panaseer shares data on actions enterprises are willing to take to solve the escalating cyber insurance crisis.
Qualys platform study: Log4Shell, the menace continues
By now, we are all familiar with the fact that Log4Shell is just about as critical as a critical vulnerability can get – scoring a 10 out of 10 on the National Institute of Standards and Technology’s CVSS severity scale.
Expanding threat landscape: Cybercriminals attacking from all sides
A research from Trend Micro warns of spiraling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organizations and individuals.
The not so scary truth about zero-day exploits
We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage.
As breaches soar, companies must turn to cloud-native security solutions for protection
Over the past two years, companies’ adoption of public cloud services has surged, but fast-paced change and weaker security controls have led to an increase in data breaches, finds a Laminar report.
Securing DevOps amid digital transformation
There are always new buzzwords/phrases being bandied about. In the late 1990s it was “long tail of the Internet” and “new paradigms”.
The value of running stateful applications on Kubernetes
A survey by ionir shows that 60% of respondents are running stateful applications on Kubernetes, and of those who aren’t already, 50% plan to do so in the next 12 months.
Three steps to secure an organization during mergers and acquisitions
Since 2000, there have been over 790,000 merger and acquisition (M&A) transactions announced globally, consisting of a value over 57 trillion dollars.
Companies should evolve their cybersecurity strategy in light of the Great Resignation
While the obvious challenge of the Great Resignation is rising labor shortages, the phenomenon is now posing a critical risk to another important aspect of the workforce: cybersecurity.
Strengthening third-party vendor programs in times of crisis and beyond
The ongoing global turmoil has tested the supply chain across industries in a myriad of ways – from strained resources and remote workflows to security concerns and more.
How will recent risk trends shape the future of GRC
Risk management has never been more critical to organizations. The rate of change is happening faster than ever in our world.
Cybersecurity compliance: Start with proven best practices
As a security professional, you may be tasked with achieving SOC2 compliance for your organization, adopting a NIST framework, or complying with new security laws. These are just a few examples; you likely face many requirements!
New infosec products of the week: March 25, 2022
Here’s a look at the most interesting products from the past week, featuring releases from AvePoint, DTEX Systems, ExtraHop, NICE Actimize, and Sonrai Security.