Week in review: Juniper devices compromised, great corporate security blogs, MITRE D3FEND

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

The real cost of healthcare cybersecurity breaches
In this Help Net Security interview, Taylor Lehmann, Director, Office of the CISO, Google Cloud, discusses the critical conversation surrounding the ethical and legal responsibilities that healthcare providers must navigate in the wake of a data breach. He explores the severe implications of cyber threats that go far beyond financial loss, potentially endangering lives and eroding public trust in healthcare systems.

Cyber risk is business risk: Qualys Enterprise TruRisk Platform sets new industry standard
In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk.

Collaborative strategies are key to enhanced ICS security
In this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems (ICS).

Modeling organizations’ defensive mechanisms with MITRE D3FEND
Funded by the National Security Agency, MITRE’s D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers. As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis how D3FEND will strengthen the cybersecurity community.

k0smotron: Open-source Kubernetes cluster management
Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options.

10 corporate cybersecurity blogs worth your time
In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have infosec blogs, so presented here are the ones that we read regularly.

Juniper networking devices under attack
CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday.

Danish energy sector hit by a wave of coordinated cyberattacks
The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT.

HARmor: Open-source tool for sanitizing and securing HAR files
HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files.

From PKI to PQC: Devising a strategy for the transition
Quantum computers capable of breaking currently used encryption algorithms are an inevitability. And since the US, China and Europe are sprinting to win that arms race, we know that day is coming sooner rather than later. Will organizations be ready to counter this threat to their data, though?

Success eludes the International Counter Ransomware Initiative
Ransomware, as predicted, is growing at tremendous rates and focusing on critical infrastructure sectors that can impact vast numbers of citizens. It is such a blight that countries are banding together to see what can be done.

4 warning signs that your low-code development needs DevSecOps
Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your releases have started to feel a little bumpy, it might be time to consider a DevSecOps tool to help smooth out the process.

Crypto asset discovery and the post-quantum migration
Quantum computing is reshaping our world and will revolutionize many industries, including materials science, life sciences, transportation, and energy. Google recently demonstrated the power of quantum computers by solving a problem in seconds that today’s supercomputers require nearly 50 years to solve.

Review: Cyberbunker: The Criminal Underworld
Written and directed by Kilian Lieb and Max Rainer, Cyberbunker is a Netflix documentary about a group of hackers that enabled the proliferation of dark web forums where illegal materials were bought and sold.

Photos: IRISSCON 2023
IRISSCON, the annual cybercrime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland, on November 16, 2023.

Why backup matters more than ever
In this Help Net Security round-up, we present segments from previously recorded videos in which security experts talk about the vital role that backups play in safeguarding our digital assets, ensuring business continuity, and providing peace of mind in an age where data is more vulnerable than ever before.

Building resilience to shield your digital transformation from cyber threats
In this Help Net Security video, JP Perez-Etchegoyen, CTO of Onapsis, discusses how organizations can plan for these migration projects and what key components they should include keeping projects on budget and on time.

Using real-time monitoring to identify and mitigate threats
In this Help Net Security video, Costa Tsaousis, CEO of Netdata, discusses what makes real-time monitoring so effective.

Enhancing mainframe security with proven best practices
In this Help Net Security video, Phil Buckellew, President of Infrastructure Modernization Business Unit, Rocket Software, discusses the importance of and best practices for mainframe security.

Cyber insurance predictions for 2024
In this Help Net Security video, Dara Gibson, Senior Cyber Insurance Manager at Optiv, discusses cyber insurance and what we should expect to see in 2024.

Transforming cybersecurity from reactive to proactive with attack path analysis
In this Help Net Security video, Howard Goodman, Technical Director at Skybox Security, discusses why attack path analysis is vital to a comprehensive cybersecurity strategy and how understanding attack paths allows organizations to proactively identify vulnerabilities, prioritize remediation efforts, and implement effective security measures.

Infostealers and the high value of stolen data
The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro.

CISOs vs. developers: A battle over security priorities
A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard.

The new imperative in API security strategy
Of the 239 vulnerabilities, 33% (79 out of 239) were associated with authentication, authorization and access control (AAA) — foundational pillars of API security, according to Wallarm.

Telemetry gaps leave networks vulnerable as attackers move faster
Telemetry logs are missing in nearly 42% of the attack cases studied, according to Sophos. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

Product showcase: Nudge Security’s SaaS security and governance platform
Nudge Security helps IT and security leaders to adapt and align to the needs of the business. The platform distributes SaaS administration without sacrificing visibility, centralized governance, or control over the organization’s cloud and SaaS security posture.

New infosec products of the week: November 17, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Devo Technology, Illumio, Kasada, Lacework, OneSpan, and ThreatModeler.

More about

Don't miss