Week in review: Nmap 7.90 released, new AWS S3 security features, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, reviews and articles:

How do I select a data storage solution for my business?
To select a suitable data storage for your business, you need to think about a variety of factors. We’ve talked to several industry leaders to get their insight on the topic.

October 2020 Patch Tuesday forecast: Trick or treat?
It’s October and that means Halloween will be here at the end of the month. It won’t be much fun if we only get to ‘dress up’ and look at each other via video conference. But then, we’ve had a lot of ‘tricks’ thrown at us this last month – Zerologon, explosion of ransomware, COVID phishing attacks, and more. Will we get more tricks next week or are we in for a treat on Patch Tuesday?

Why CIOs need to focus on password exposure, not expiration
Biometrics may be a media darling, but the truth is that passwords will remain the primary authentication mechanism for the foreseeable future. But while passwords may not be a cutting-edge security innovation, that’s not to suggest that CIOs don’t need to modernize their approach to password management.

Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk
Andrew Magnusson started his information security career 20 years ago and he decided to offer the knowledge he accumulated through this book, to help the reader eliminate security weaknesses and threats within their system.

Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0
Nmap is a widely used free and open-source network scanner. The utility is used for network inventorying, port scanning, managing service upgrade schedules, monitoring host or service uptime, etc.

Three common mistakes in ransomware security planning
As the frequency and intensity of ransomware attacks increase, one thing is becoming abundantly clear: organizations can do more to protect themselves. Unfortunately, most organizations are dropping the ball. Most victims receive adequate warning of potential vulnerabilities yet are woefully unprepared to recover when they are hit.

How to avoid the most common mistakes of an identity governance program
It’s a story I have seen play out many times over two decades in the Identity and Access Management (IAM) field: An organization determines that it needs a more robust Identity Governance and Administration (IGA) program, they kick off a project to realize this goal, but after a promising start, the whole effort falls apart within six to twelve months.

AWS adds new S3 security and access control features
Amazon Web Services (AWS) has made available three new S3 (Simple Storage Service) security and access control features.

Cybersecurity practices are becoming more formal, security teams are expanding
Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies, more detailed processes, comprehensive education and specialized skills, a research from CompTIA finds.

Number of corporate credentials exposed on the dark web increased by 429%
While there has been a year-over-year decrease in publicly disclosed data breaches, an Arctic Wolf report reveals that the number of corporate credentials with plaintext passwords on the dark web has increased by 429 percent since March.

Why developing cybersecurity education is key for a more secure future
European Cybersecurity Month is a timely reminder that we must not become complacent and must redouble our efforts to stay safe online and bolster the cybersecurity skills base in society. This is imperative not only to manage the challenges we face today, but to ensure we can rise to the next wave of unknown, sophisticated cybersecurity threats that await us tomorrow.

ATM cash-out: A rising threat requiring urgent attention
An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.

HP Device Manager vulnerabilities may allow full system takeover
Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote command execution as SYSTEM, security researcher Nick Bloor has found.

37% of remote employees have no security restrictions on corporate devices
ManageEngine unveiled findings from a report that analyzes behaviors related to personal and professional online usage patterns.

Working together to secure our expanding connected health future
Securing medical devices is not a new challenge. Former Vice President Cheney, for example, had the wireless capabilities of a defibrillator disabled when implanted near his heart in 2007, and hospital IT departments and health providers have for years secured medical devices to protect patient data and meet HIPAA requirements.

Most enterprises struggle with IoT security incidents
72% of organizations experienced an increase in endpoint and IoT security incidents in the last year.

NIST crowdsourcing challenge aims to de-identify public data sets to protect individual privacy
NIST has launched a crowdsourcing challenge to spur new methods to ensure that important public safety data sets can be de-identified to protect individual privacy.

Save on CCSP self-paced exam prep when bundled with exam voucher
Now’s your time to become recognized as a globally respected cloud expert and catapult your career with the (ISC)² Certified Cloud Security Certification (CCSP).

The CISO’s Guide to Third-Party Security Management
The CISO’s Guide to Third-Party Security Management provides the instructions you need to make your organization’s third-party security program effective and scalable.

New infosec products of the week: October 9, 2020
A rundown of the most important infosec products released last week.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *