Here’s a summary of the most interesting news and articles from last week:
Unprotected CVS database exposes sensitive customer searches
Researchers have discovered an unprotected, public online database containing over a billion records belonging to the American healthcare company CVS Health.
How a speakerphone in a conference room can allow an attacker to break into your company’s network
Several vulnerabilities affecting the Stem Audio Table conference room speakerphone may allow attackers to eavesdrop on what is being discussed nearby, download malicious firmware, and achieve and maintain network persistence.
Vaccine passports face data privacy and security challenges
While some believe that vaccine apps are the key to lifting travel restrictions, there are challenges with data privacy and security implications.
Microsoft Defender for Endpoint now detects jailbroken iOS devices
Microsoft has announced new and improved features for enterprise security teams that use Microsoft Defender for Endpoint on Android and iOS and use Microsoft’s threat and vulnerability management APIs.
Understanding the cloud shared responsibility model
Over the past year, enterprises have witnessed a move to the cloud as they have needed to quickly adapt to a near-instant move to a remote work environment. However, in many cases, practicality was prioritized over security to avoid business disruption, leaving many organizations vulnerable.
Apple fixes actively exploited vulnerabilities affecting older iDevices
Apple has released a security update for older iDevices (iPhone, iPad, iPod) to fix three vulnerabilities. Two of them are zero-days that appear to be actively exploited in attacks in the wild.
VPN attacks increased by nearly 2000% as companies adopt hybrid workplaces
Malware, botnet, and exploit activity declined compared to the fourth quarter, but threat actors are still on the prowl, with a significant increase in VPN and RDP vulnerabilities.
Ransomware attackers take advantage of a flaw in the old SonicWall SRA (CVE-2019-7481)
CrowdStrike warns that cybercriminal groups are exploiting CVE-2019-7481, an old SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x, to break into organizations’ networks.
The biggest threat to consumer cybersecurity
Norton Labs reveals top cybersecurity trends from January to March 2021. Phishing campaigns, including vaccine-oriented, financial relief, and tech support scams, were the top pandemic-related scams and continued to be the greatest threat to consumer cybersecurity.
Open source UChecker tool detects vulnerable libraries on Linux servers
CloudLinux has announced UChecker, a free open source tool that scans Linux servers for outdated, vulnerable libraries that are used by other applications. It provides detailed, actionable information about which applications are using which vulnerable libraries and need to be updated, helping to improve the security-aware patching process.
To identify the sustainability of a cyber security vendor, start with the basics
How can investors distinguish between “valued” cyber companies and those that have been “cleaned up” by rising market valuations in general? What signs do you need to look for to show that you are getting the true value of your investment? And how can investors distinguish between value and “bubble” investments?
Cyber criminals are targeting digital artists
Security researcher Bart Blaze warns that cybercriminals looking for quick payments and valuables are using NFTs (non-fungible tokens) to target digital artists.
Is your encryption key really secure? Redefining the root of trust for the cloud era
Underneath the complex world of cryptographic use cases and algorithms, there is a simple and basic principle: the encryption key must be kept secret. As soon as an encryption key becomes known, it is worthless.
How do I choose an ITSM solution for my business?
There are many factors to consider when choosing the right ITSM solution for your business. We talked to several industry experts to gain insights on this topic.
Bad cybersecurity behavior that plagues the remote workforce
According to a Tessian report, 56% of IT leaders believe that employees have been engaging in bad cybersecurity behaviors since working from home. As organizations plan for a post-pandemic hybrid workforce, the report shows how security behaviors have changed over the past year, the challenges organizations face in moving to a hybrid work model, and why a change in security priorities is needed.
Phishing maintained near record levels in the first quarter of 2021
APWG’s new Phishing Trends Report reveals that phishing remained near record levels in the first quarter of 2021, following a 2020 in which reported phishing websites doubled.
PrivacyMic: Smart home system that does not record voice
A team of researchers at the University of Michigan has developed a system that can inform a smart home, or listen for the signal that turns on a smart speaker, without eavesdropping on audible sound.
Prevent security issues from breaking IoT promises
The promise of the IoT is that sensors will be much more ubiquitous because the cost of integrating and maintaining them will be much lower. As the number of IoT devices grows, their functionality shrinks, and they become unpersonalized, a Pandora’s box of security concerns arises.
Business leaders now feel more vulnerable to cyber attacks
According to a new survey by Telia Carrier, 45% of business leaders claim that the pandemic resulted in more network security incidents in-house.
Investing in the right future for the cloud
Migrating assets, applications, and infrastructure to the cloud is the underlying goal of most digital transformation strategies aimed at creating more agile and adaptable operations.
Can on-premises security professionals move to the cloud?
As cloud computing has grown in popularity in all use cases, cloud workloads have become more attractive than ever to malicious attackers. According to a recent McAfee report, attacks targeting cloud services have increased by 630% since January 2020.
Is your cyber defense stuck in the sandbox?
Installing a network sandbox to protect against external threats has been accepted by many as a gold standard for over a decade. A sandbox-based cybersecurity solution is a protected, isolated environment on your network that simulates your enterprise’s production network for security testing and analysis purposes.
Companies’ attack surface is growing along with a dispersed workforce
As companies began offering more remote work options, their attack surface expanded along with their distributed workforce. Coupled with increasing reliance on public cloud services and vulnerable enterprise VPNs, large organizations that do not use zero trust security have become more vulnerable to network intrusion attacks.
Why XSS is still an XXL issue in 2021
Cross-site scripting (XSS) attacks take advantage of coding flaws in the way a website or web application handles input from users. Despite their long-standing reputation as a significant infosec issue, XSS attacks remain a constant on the OWASP Top 10 list of web application security risks each year and are still making headlines.
How to protect your data, one firewall at a time
The need for secure data access management is a top priority for executives. A common question asked by IT departments is how to do it right: ensure security and governance without frustrating users or delaying innovation.
New infosec products of the week: June 18, 2021
An overview of the infosec products released last week.
Review Week: VPN Attacks Increased Nearly 2000%, Root of Trust in the Cloud Era