Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast


Here’s an overview of some of last week’s most interesting news, articles and interviews:

May 2022 Patch Tuesday forecast: Look beyond just application and OS updates
April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months.

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches
Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches.

Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)
F5 Networks‘ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

Phishers exploit Google’s SMTP Relay service to deliver spoofed emails
Phishers are exploiting a flaw in Google’s SMTP relay service to send malicious emails spoofing popular brands.

CMS-based sites under attack: The latest threats and trends
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report has revealed.

Stealthy APT group plunders very specific corporate email accounts
An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months.

A checklist to help healthcare organizations respond to a serious cyberattack
How should organizations in the healthcare sector respond to outage due to a serious cyberattack?

NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain.

Good end user passwords begin with a well-enforced password policy
In this interview with Help Net Security, Lori Österholm, CTO at Specops Software, explains what makes passwords vulnerable and suggests some password best practices and policies organizations should implement to keep their systems secure.

Google offers 50% higher bounties for bugs in Android 13 Beta
Google has released Android 13 Beta 1 and has sent out a call for bug hunters: Find bugs in it, and you’ll get a 50% bonus reward payout.

How to avoid security blind spots when logging and monitoring
Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack.

55% of people rely on their memory to manage passwords
Bitwarden announced the results of its global password management survey, in advance of World Password Day on May 5th, 2022.

How to implement a best-in-class SASE architecture
To support cloud-enabled digital transformation strategies, a tighter integration of security and SD-WAN architectures are top of mind for many CIOs and CISOs.

Cybersecurity skills shortage: Could training, certifications and diversity be a solution?
Fortinet released a report which reveals that the cybersecurity skills shortage continues to have multiple challenges and repercussions for organizations, including the occurrence of security breaches and subsequently loss of money.

The 6 steps to a successful cyber defense
The Ransomware Spotlight Year-End Report from Ivanti, conducted in partnership with Cyber Security Works and Cyware, found that there is now a total of 157 ransomware families – an increase of 32 from the previous year.

Password tips to keep your accounts safe
Uswitch.com conducted a consumer survey to find out how the UK chooses their passwords, how safe they are and how often they have been hacked.

7 threat detection challenges CISOs face and what they can do about it
Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants. In fact, according to recent research, there were over 170 million new malware variants in 2021 alone.

Tackling the threats posed by shadow IT
While remote technologies have allowed businesses to shift their workforces online, this flexibility has created a swathe of challenges for IT teams who must provide a robust security framework for their organization – encompassing all the personnel and devices within their remit.

Nothing personal: Training employees to identify a spear phishing attack
Phishing attacks began years ago as simple spam, designed to trick recipients into visiting sites and becoming customers. In the meantime, they have morphed into a worldwide criminal industry.

How is the U.S. government preparing for critical infrastructure attacks?
In this video for Help Net Security, Paul Caiazzo, Advisor at Avertium, talks about critical infrastructure attacks, their potential impact, and what the U.S. government is doing to prepare for them.

Discover your public cloud exposure with Recon.Cloud
In this video for Help Net Security, Gafnit Amiga, Director of Security Research at Lightspin, talks about the firm’s latest tool: Recon.Cloud.

Self-promotion in cybersecurity: Why you should do it, and how
In this video for Help Net Security, Mark Sasson, Managing Partner at Pinpoint Search Group, talks about how cybersecurity professionals can promote themselves and why they should.

How to identify vulnerabilities with NMAP
In this video for Help Net Security, Shani Dodge Reiner, Development Team Leader at Vicarius, explains how to identify vulnerabilities using the NMAP tool.

Passwords are secrets that should never be shared
In this video with Justine Fox, Principal Product Manager at NuData Security, a Mastercard company, you’ll learn how to educate employees on simple, positive password habits.

Smart government agencies are opting for multicloud environments
In this video for Help Net Security, Keith Nakasone, Federal Strategist at VMware, discusses how government agencies can scale the use of multicloud environments for mission success.

How to enhance your cyber defense program with CIS SecureSuite
Join this webinar to learn how you can prioritize your security program to meet the requirements of regulatory and compliance frameworks with the CIS Critical Security Controls and CIS Benchmarks, as well as how to assess and implement secure configurations at scale.

RSAC Innovation Sandbox Contest finalists announced
RSA Conference announced the 10 finalists for its 17th annual RSAC Innovation Sandbox Contest.

Infosec products of the month: April 2022
Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, Alert Logic, Arcanna.ai, Axis Security, BigID, BreachBits, ColorTokens, Finite State, Forescout, Fortinet, Hillstone Networks, IBM, Imperva, Keysight Technologies, Kudelski Security, oak9, Orca Security, OwnBackup, Palo Alto Networks, Prevailion, Spin Technology, ThreatX, Vicarius, and Workato.

New infosec products of the week: May 6, 2022
Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, BIO-key, Data Theorem, Enpass, Microsoft, N-able, and Uptycs.

More about

Don't miss