Week in review: Infosec career misconceptions and challenges, early warning signs of ransomware

Here’s an overview of some of last week’s most interesting news and articles:

CISA orders federal agencies to implement Zerologon fix
If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to “immediately apply the Windows Server August 2020 security update to all domain controllers.”

What are the traits of an effective CISO?
Only 12% of CISOs excel in all four categories of the Gartner CISO Effectiveness Index.

Credential stuffing is just the tip of the iceberg
Credential stuffing attacks are taking up a lot of the oxygen in cybersecurity rooms these days. A steady blitz of large-scale cybersecurity breaches in recent years have flooded the dark web with passwords and other credentials that are used in subsequent attacks such as those on Reddit and State Farm, as well as widespread efforts to exploit the remote work and online get-togethers resulting from the COVID-19 pandemic.

NIST guide to help orgs recover from ransomware, other data integrity attacks
The National Institute of Standards and Technology (NIST) has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data (emails, employee records, financial records, and customer data).

Windows backdoor masquerading as VPN app installer
Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor, Trend Micro researchers warn.

Infosec pros struggle to find opportunities to improve their work skills
Cybrary released the findings from the report which examines the current challenges, perceptions, and impacts of the cybersecurity skills gap faced by IT and security teams worldwide.

iOS 14: New privacy and security features
Apple has released iOS 14, with a bucketload of new and improved functional features and a handful of privacy and security ones.

Secure data sharing in a world concerned with privacy
The ongoing debate surrounding privacy protection in the global data economy reached a fever pitch with July’s “Schrems II” ruling at the European Court of Justice, which struck down the Privacy Shield – a legal mechanism enabling companies to transfer personal data from the EU to the US for processing – potentially disrupting the business of thousands of companies.

Phishers are targeting employees with fake GDPR compliance reminders
Phishers are using a bogus GDPR compliance reminder to trick recipients – employees of businesses across several industry verticals – into handing over their email login credentials.

Views and misconceptions of cybersecurity as a career path
Attitudes toward cybersecurity roles are now overwhelmingly positive, although most people still don’t view the field as a career fit for themselves, even as 29% of respondents say they are considering a career change, an (ISC)² study reveals.

Your best defense against ransomware: Find the early warning signs
Ransomware isn’t hard to detect but identifying it when the encryption and exfiltration are rampant is too little too late. However, there are several warning signs that organizations can catch before the real damage is done. In fact, FireEye found that there is usually three days of dwell time between these early warning signs and detonation of ransomware.

5 simple steps to bring cyber threat intelligence sharing to your organization
Cyber threat intelligence (CTI) sharing is a critical tool for security analysts. It takes the learnings from a single organization and shares it across the industry to strengthen the security practices of all.

DaaS, BYOD, leasing and buying: Which is better for cybersecurity?
Currently, Device-as-Service (DaaS), Bring-Your-Own-Device (BYOD) and leasing/buying are some of the most popular hardware options. To determine which is most appropriate for your business cybersecurity needs, here are the pros and cons of each.

Phish Scale: New method helps organizations better train their employees to avoid phishing
Researchers at the National Institute of Standards and Technology (NIST) have developed a new method called the Phish Scale that could help organizations better train their employees to avoid phishing.

Bit-and-piece DDoS attacks increased 570% in Q2 2020
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard.

Cybercriminals moved quickly to capitalize on the COVID-19 outbreak using malicious emails
While the COVID-19 outbreak has disrupted the lives and operations of many people and organizations, the pandemic failed to interrupt onslaught of malicious emails targeting people’s inboxes, according to an attack landscape update published by F-Secure.

A look at the top threats inside malicious emails
Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals.

Using virtualization to isolate risky applications and other endpoint threats
More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially vulnerable lines of code – from within the OS. With attacks becoming more sophisticated than ever, hypervisor-based security, from below the OS, becomes a necessity.

Layered security becomes critical as malware attacks rise
Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero day malware.

Offensive Security releases Win-KeX 2.0, packed with new features
Win-KeX provides a Kali Desktop Experience for Windows Subsystem for Linux (WSL 2), and version 2.0 comes with useful features.

Whitepaper: Mobile banking regulations, threats and fraud prevention
The usage of banking services through a mobile app has quickly been embraced by consumers. At the end of 2019, 74% of the UK and 75% of the US people used mobile devices to manage their finances.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *