Week in review: Microsoft Exchange backdoor, the future of phishing, securing satellites

Week in review: Microsoft Exchange backdoor, the future of phishing, securing satellites

Here’s an overview of some of last week’s most interesting news and articles:

Android Q: Enhanced security for consumers and enterprises
The upcoming, newest version of Android – still only known as “Android Q” – will have many new and improved protections for user privacy. Google has now also outlined the changes aimed at enhancing the security of the devices running the new OS, as well as the data residing on or traveling to and from them.

A deeper look: How the 281 data breaches in Q1 2019 will impact companies
High-profile data breaches show no sign of slowing down. In the first quarter of 2019, there were 281 reported data breaches, exposing more than 4.53 billion records.

Only 14% of organizations have completed migration to Windows 10
Almost a quarter of organizations will not be ready for Microsoft to terminate public delivery of Windows 7 security updates on January 14, 2020, the official end of support date.

Securing satellites: The new space race
A decade ago, it would have cost you a billion dollars to deploy a satellite into space. Fast forward ten years and you can now have your own personal satellite floating in orbit for around $50,000. 3D printed Rocket Labs, SpaceX and others have revolutionized and industrialized the Space Race.

C-level executives increasingly and proactively targeted by social breaches
C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report.

Three ways GDPR benefits US companies
While GDPR has certainly raised a number of legitimate security and compliance concerns for organizations around the world doing business with EU citizens, it has also pushed them to improve data privacy efforts and strengthen their overall risk posture.

3 months, 1900 reported breaches, 1.9 billion records exposed
There were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records, according to Risk Based Security.

The IoT threat landscape is expanding rapidly, yet few companies are addressing third party risk factors
There is a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017 – from 15 percent to 26 percent – and the results might actually be greater because most organizations are not aware of every unsecure IoT device or application in their environment or from third party vendors, a Santa Fe Group study reveals.

Whose (usage) data is it, anyway?
Around the world, business customers now demand business-to-business (B2B) SaaS companies safeguard their usage data. More importantly, they want to know how SaaS companies use that type of data.

Cynet Free IR tool offering empowers responders to know and act against active attacks
The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making sound incident response a required capability in any organization’s security stack.

Critical flaw allows attackers to take over Cisco Elastic Services Controllers
Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), a popular enterprise software for managing virtualized resources.

Executing a multi-cloud strategy: Crawl, walk, run
Despite many challenges, enterprises are increasingly adopting cloud computing in an effort to become more agile, lower IT costs, and have the ability to scale.

Is curiosity killing patient privacy?
The digitization of healthcare is changing the face of fraud. With the growth of electronic health records (EHRs), online patient portals and virtual clinics, a wealth of sensitive medical information is available across multiple digital channels and while hackers and cybercriminals pose a massive risk to this information, it’s not just “outside” fraudsters that are raising concerns.

Open banking establishes new access to banks’ networks, creating additional security issues
As more markets adopt open banking — which mandates banks to open their systems to third parties — it will be increasingly critical for banks to ensure the security of not only their networks, but those of their ecosystems partners as well, according to a report from Accenture that predicts key technology trends in banking over the next three years.

Researchers discover highly stealthy Microsoft Exchange backdoor
An extremely stealthy Microsoft Exchange backdoor can read, modify or block emails going through the compromised mail server and even compose and send new emails.

Bad actors increasingly spreading misinformation via social media ahead of EU elections
Bad actors are amplifying misinformation content directed at EU member states to shape public perception, a report by SafeGuard Cyber reveals.

Unhackable? New chip makes the computer an unsolvable puzzle
A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan.

Flaws in the design of IoT devices prevent them from notifying homeowners about problems
Design flaws in smart home Internet of Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified by researchers at North Carolina State University.

Cryptographic breakthrough allows using handshake-style encryption for time-delayed communications
Researchers at Stevens Institute of Technology, and colleagues, have solved a 15-year-old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email – a challenge once thought to be impossible.

What will phishers do once push-based MFA becomes widely used?
As phishing continues to be the number one method for initiating a breach, investing in anti-phishing technologies or training – preferably both – should be a no-brainer for most companies.

Flaw in pre-installed software opens Dell computers to remote hijack
Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability.

What differentiates the strongest cybersecurity programs from the rest
Financial institutions spend an average of around $2,300 per full-time employee on cybersecurity annually, reveals a survey released by Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

PSD2 and strong customer authentication: Are all elements equal?
The European Payment Services Directive 2 (PSD2), introduced in January 2018, contains the requirement for additional security features for certain online transactions.

New infosec products of the week: May 10, 2019
A rundown of infosec products released last week.

via Help Net Security https://www.helpnetsecurity.com
Link : https://www.helpnetsecurity.com
May 12, 2019 at 08:10PM

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *