Week in review: Critical Chrome zero-day, TLS certs for sale on dark web, RSA Conference 2019
Here’s an overview of some of last week’s most interesting news and articles:
RSA Conference 2018 coverage
Check out what you missed at the infosec event of the year.
How malware traverses your network without you knowing about it
A research report has been released which, based on observed attack data over the second half of 2018 (2H 2018), reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot.
A third of 2018’s vulnerabilities have public exploits, 50% can be exploited remotely
Over 22,000 new vulnerabilities were disclosed during 2018, according to Risk Based Security’s 2018 Year End Vulnerability QuickView Report. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row.
NSA unveils Ghidra reverse engineering tool at RSA Conference 2019
The National Security Agency (NSA) has released Ghidra, a free and cross-platform software reverse engineering tool suite used internally by the intelligence agency.
Sale of SSL/TLS certificates on the dark web is rampant
There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found.
Zero-day Chrome/Windows combo actively exploited in the wild
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely being actively exploited in conjunction with another zero-day in Windows.
Traditional cybersecurity staff retention tactics becoming less effective
The recipe for improving your organization’s ability to hire and retain cybersecurity professionals is relatively straightforward (if not easy): offer an attractive pay, career growth opportunities, and provide a healthy work culture and environment.
Human behavior can be your biggest cybersecurity risk
Changes in user behavior are increasingly blurring the lines between personal and business. Trends like Bring Your Own Device (BYOD) and flexible working often mean that people are using work devices outside of the office.
IT teams are struggling with network infrastructure challenges caused by the cloud
IT teams are often siloed and do not agree on who is responsible for the deployment and ongoing management of the public cloud network.
Users of Cisco switches, security appliances need to get patching
Administrators of Cisco switches, firewalls, and security appliances are advised to take a look at the latest collection of security advisories published by the company, as chances are good they will need to implement some updates.
Windows Servers in danger of being compromised via WDS bug
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly disclosed to Microsoft last year and was fixed last November, but there are likely still servers out there that haven’t been upgraded and are open to attack.
Key 2019 cybersecurity industry trends
Momentum Cyber revealed the most significant trends that will drive strategic activity in the cybersecurity industry in 2019.
Ongoing global cyber espionage campaign broader than previously known
A detailed analysis of code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind the Operation Sharpshooter campaign has revealed evidence that this global cyber espionage campaign is more extensive in complexity, scope and duration of operations.
IoT automation platforms open smart buildings to new threats
IoT automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise, Trend Micro researchers warn in a newly released report.
Organizations still ignoring a large piece of their cybersecurity defense
Organizations have long focused their cybersecurity positioning around prevention; however, with the sophistication and frequency of attacks increasing, more organizations are beginning to prioritize incident response teams, groups of specialists trained to address and defeat attacks that make it past existing protections.
The patterns of elite DevSecOps practices
As DevOps practices are maturing rapidly, organizations with elite DevSecOps programs are automating security earlier in the development lifecycle and managing software supply chains as a critical differentiator to their competitors.
If an organization has been breached, it’s more likely to be targeted again
FireEye released the Mandiant M-Trends 2019 report, which shares statistics and insights gleaned from Mandiant investigations around the globe in 2018.
A strong security posture starts with application dependency mapping
Application dependency mapping (ADM) tools are not new but have been primarily used for monitoring the health and performance of applications, including as a core component in Application performance management (APM) tools. But the new “killer use case” for ADM is security, where visibility leads to more easily accomplished segmentation and protection.
Users are too confident in their protection from threats
Malwarebytes has polled nearly 4,000 Internet users in 66 countries and uncovered that many are lulled into a false sense of security because they implemented some of the more undemanding protection measures.