Weekly Review: Microsoft Fixes Follina, Cybersecurity Professionals Quitting, (IN)SECURE Magazine RSAC 2022


Here’s a rundown of some of the most interesting news, articles, interviews and videos from the past week:

(IN)SECURE Magazine: RSAC 2022 Special Issue Released
Some of the most pressing topics discussed at this year’s conference included issues of privacy and surveillance, the positives and negatives of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations in crypto and blockchain.

45% of cybersecurity professionals are considering leaving the industry due to stress

API security justifies its own specific solution
Application Programming Interfaces (APIs) allow developers to quickly and easily deploy services, but they are also equally attractive to attackers. This is because they can provide easy access to back-end systems and sensitive data sets.

Is your organization ready for Internet Explorer’s retirement?
June 15, 2022 is the day Microsoft will stop supporting most versions of Internet Explorer 11, and organizations should have made sure they were ready for its retirement. But are they?

Microsoft fixes Follina and 55 other CVEs
June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft Windows Support Diagnostic Tool (MSDT) RCE that has been widely exploited by attackers.

Ransomware gang publishes stolen victim data on the public internet
Ransomware group Alphv (aka BlackCat) is trying a new tactic to get companies to pay for their silence after the breach: a clearnet (public internet) website containing sensitive data about the employees and customers stolen from a victim organization.

Once is never enough: the need for continuous penetration testing
If you Google “How often should I do penetration tests?”, the first answer that comes up is “once a year”.

What stolen data are ransomware gangs likely to release?
If your organization is hit by a ransomware gang that also managed to steal company data before hitting the “encrypt” button, what types of data are more likely to be revealed when you debate internally about whether you should pay the ransomware gang?

SaaS security: how to avoid “death by 1000 apps”
SaaS applications have become synonymous with modern business environments, and CISOs and security teams are struggling to find a middle ground between ensuring the security of their SaaS portfolio and empowering the organization’s streamlined business workflows and productivity.

Microsoft helps prevent lateral movement from compromised unmanaged devices
A new feature in Microsoft Defender for Endpoint could make it more difficult for attackers to move laterally within corporate networks, because it allows administrators to block traffic to and from unmanaged devices that have been compromised.

Phishing hits record high in early 2022
The APWG’s Phishing Activity Trends Report shows a total of 1,025,968 phishing attacks in the first quarter of 2022, the worst quarter for phishing to date.

Only 10% of vulnerabilities are fixed each month
A survey by SecurityScorecard and The Cyentia Institute found that only 60% of organizations have improved their security posture, despite a fivefold increase in cyberattacks in the past three years.

Mind the Gap: How to Make Sure Your Vulnerability Detection Methods Are Up-to-date?
Given that the global cost of cybercrime is projected to reach $10.5 trillion per year by 2025, it’s no surprise that the risk of attacks is the number one concern for businesses worldwide.

72% of midsize companies expect to experience a cyber attack
Mid-market companies are facing an increasingly volatile cybersecurity environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to a report from the RSM US and the US Chamber of Commerce.

Criminal IP Analysis Report on Zero-Day Vulnerability in Atlassian Confluence
According to Volexity, a web shell was discovered on the Atlassian Confluence server during an incident response investigation. Volexity determined it was a zero-day vulnerability that could execute remote code even after the latest patch was completed and reported the issue to Atlassian.

Zero Trust Adoption: Industry-Specific Challenges and Implementation Strategies
Organizations in many industries are on a journey to implement the zero trust security model to improve their cybersecurity posture.

Cloud Computing Biggest Concerns: Shifting Focus
The Cloud Security Alliance (CSA) released the report Top Threats to Cloud Computing: The Pandemic 11, which identified a clear shift in cloud service provider (CSP) security vulnerabilities.

Increased cloud complexity requires stronger cybersecurity
A Thales report, conducted by 451 Research, found that 45% of businesses have experienced a cloud data breach or failed audit in the past 12 months, up 5% from the previous year.

How financial institutions improve customer experience with fraud prevention measures
Fraud is an ongoing threat and there is no end in sight as the ecommerce landscape continues to evolve and the use of online payment platforms increases.

Why should organizations prioritize ransomware preparedness?
Hitachi Vantara and Enterprise Strategy Group (ESG) released the findings of a survey of more than 600 IT and cybersecurity professionals, which found that 79% of respondents reported a ransomware attack on their company in the past year.

Companies let bot attacks go unchallenged for almost four months
Netacea released a report on how companies are handling bot attacks. It reveals a key area where companies are failing to address bot attacks: Bots remain undiscovered for an average of 16 weeks, two weeks more than last year’s findings.

Metasploit 6.2.0 comes with 138 new modules, 148 improvements and features
Metasploit is the world’s most widely used penetration testing framework. It helps security teams verify vulnerabilities, manage security assessments, and improve security awareness.

How organizations can protect themselves in the emerging risk landscape
In this video for Help Net Security, Ravi Srinivasan, CEO of Votiro, discusses ThoughtLab’s 2022 cybersecurity benchmark study, Cybersecurity Solutions for a Riskier World.

Using compliance to create value for your organization
In this Help Net Security video, Patrick Sullivan, VP Customer Success at A-LIGN, talks about the value of modern compliance programs.

A Closer Look at the SEC Cybersecurity Disclosure Rule
In this Help Net Security video, James Turgal, VP Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule.

How social engineering attacks go beyond email
In this Help Net Security video, Chris Lehman, CEO of SafeGuard Cyber, explains how adversaries are moving beyond email to attack businesses across a wide variety of digital communication platforms, including mobile messaging, collaboration tools (Slack, Teams, etc.), conferencing (Zoom), CRM and social media.

New infosec products of the week: June 17, 2022
Here’s a look at the most interesting products from the past week, with releases from Black Kite, Feroot, Incogna, Optiv and Splunk.
