Weekly Recap: Strengthening Firmware Security, Help Net Security: XDR Report Released


Here’s a rundown of some of the most interesting news, articles, and interviews from the past week:

Help Net Security: XDR report released
The theme of this inaugural report is Extended Detection and Response (XDR), an emerging technology that has generated a lot of buzz in recent years.

Apache OpenOffice users should update to the latest security version!
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered by a specially crafted document.

Apple Fixes iOS Zero Day Exploited In The Wild (CVE-2021-30883)
With the latest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is actively exploited by attackers.

Microsoft patches actively exploited Windows Zero-Day (CVE-2021-40449)
On Patch Tuesday of October 2021, Microsoft fixed 71 security vulnerabilities with CVE numbers. Of these, only one was used in attacks in the wild (CVE-2021-40449) and three were publicly known prior to the patches being released.

How do I choose a SASE solution for my company?
There are several factors you need to consider in order to choose the right SASE solution for your business. We spoke to several industry experts to get their insights into the subject.

REvil / Sodinokibi accounted for 73% of ransomware detections in the second quarter of 2021
McAfee released a report in the second quarter of 2021 investigating cybercriminal activity related to ransomware and cloud threats.

Strengthen firmware security with hardware RoT
Hackers are getting smarter and more sophisticated about avoiding detection. Since IT security and transparency efforts are still largely concentrated higher up the stack at the application level, malicious actors try to break systems further down the stack at the firmware level.

Working remotely puts SMBs at increased cybersecurity risk
Remote working leads to increased cybersecurity risks for SMBs, a study by ServerChoice shows. Research of 1,000 business leaders in SMBs found that changes in work patterns leave infrastructure unmonitored and business data more vulnerable to exploitation.

Ransomware: Breaking up relationships has never been more satisfying
The division of roles and responsibilities within ransomware groups has proven to be harmonious in the past. In the past few months, however, we have seen these profitable relationships break.

The Most Malicious Malware 2021: This is where it will stay and keep evolving
We saw some previous big players leave the scene this year, some vacationing at the beach and some going to jail. In any case, 2021 was a year in which cyber threats, especially ransomware, dominated the news, reveals Webroot.

How to maximize your security budget while demonstrating ROI
Assigning an accurate monetary value to a data breach can be challenging, making it difficult to demonstrate the ROI of security spending.

AWS ransomware attacks: not a question of if, but when
Ermetic has announced the results of a study on the security situation of AWS environments and their vulnerability to ransomware attacks. Identities have been found in virtually all participating organizations that, if compromised, would compromise at least 90% of the S3 buckets in an AWS account.

Cybersecurity deficiencies uncovered by the pandemic
SecureAge announced the publication of its study, which surveyed 200 employers and 400 employees from across the UK business community in the third quarter of 2021 and examined key cybersecurity issues and trends.

Is government responding to cybersecurity threats enough for your business?
With this year’s attacks on Colonial Pipeline and Kaseya, ransomware and its impact on infrastructure have moved to the fore of American political awareness. These cyberattacks have caused public pain and a White House response.

Preparing for ransomware attacks is delayed even though organizations are aware of the risks
Hornetsecurity published the results of a global study among IT experts on their readiness for ransomware attacks.

Global supply chains vulnerable as companies have no visibility into suppliers
BlueVoyant has released the results of its second annual global third-party cyber risk management survey. The study shows that 97% of the companies surveyed have been negatively impacted by a cybersecurity breach in their supply chain.

List of IT assets most likely to be exploited by an attacker
Randori released a report that identifies the most enticing IT assets that an attacker is likely to target and exploit.

Add a new dimension to ransomware defense
As with any other cybersecurity initiative, defense-in-depth is essential for effective ransomware protection. Building content awareness is an easy and accessible way to add another layer to your anti-ransomware strategies.

Everyday cybersecurity practices that are inadequate for many online consumers
Bitdefender published a report showing how consumers of different ages and socio-demographic backgrounds behave on popular platforms, applications and devices, which affects cybersecurity risk. The results show that, despite increasing threats and concerns about cybercrime, basic practices for backing up data, protecting identity and sharing information are lacking.

Li-Fi market is expected to grow steadily until 2026
The global Li-Fi market experienced strong growth over the 2015-2020 period. Looking ahead, according to ResearchAndMarkets, the market is expected to grow at a CAGR of around 45% over the 2021-2026 period.

The sharing of Android data remains important; users do not have an opt-out
An in-depth analysis of a number of popular Android cell phones has shown that significant data collection and sharing, even with third parties, is possible without any possibility for users.

Policy automation to eliminate configuration errors
Far too often, major security gaps can be traced back to a configuration error. Changes and adjustments to network and security configurations are inevitable; they are a necessary part of managing a company’s technology environment.

How to achieve CISSP cybersecurity certification
Would you like to achieve more in your career with the globally recognized CISSP certificate? If you’re ready now, or just a little curious, the Ultimate Guide to the CISSP is a great place to start.

Webinar: How to secure your sensitive data in Elasticsearch
Is your Elasticsearch data protected from hackers and common attacks like search injections? Attend a webinar on November 4th with IronCore Labs’ data security expert and CEO Patrick Walsh on Using Application Level Encryption and Encrypted Search to Protect Sensitive Data in Your Search Service. Learn how to protect your data in Elasticsearch from ransomware extortion, scraping, and more.

The open source platform KuberLogic transforms the infrastructure into a managed PaaS
CloudLinux has started a new open core project – KuberLogic – software that enables DevOps to set up scalable, self-healing PaaS on your Kubernetes cluster. KuberLogic is available on GitHub and enables administrators to run and deploy key open source components with simple configurations and high availability.

ThreatMapper: Open source platform for scanning runtime environments
Deepfence announced the open source availability of ThreatMapper, a signature offering that automatically scans, maps, and classifies application vulnerabilities in serverless, Kubernetes, container, and multi-cloud environments.

White Paper: What Is CCPA and How Can It Affect Your Business?
Learn about California’s consumer protection laws and regulations (CCPA and CPRA), how they affect your safety, and how to meet their essential requirements.

New infosec products of the week: October 15, 2021
Here’s a look at the most interesting product releases from the past week, with releases from Aqua Security, AT&T, Datto, Huntress, and ReliaQuest.

Source link


Comments are closed.