Week in Review: Quantum Locker Ransomware, Most Exploited Vulnerabilities in 2021
Here’s a look at some of the most interesting news, articles and interviews from the past week:
Meteor Attack Deploys Quantum Ransomware Within Hours
A group using Quantum Locker ransomware hits targets in a flash, going from initial compromise to domain-wide deployment and execution in less than four hours, the DFIR report researchers warn.
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has discovered two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that can be exploited by attackers to take root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware or perform other malicious actions.
The 15 most exploited vulnerabilities in 2021
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a wide range of targets around the world, according to the latest advisory from the US Cybersecurity and Infrastructure Security Agency.
Critical Vulnerabilities Open Synology and QNAP NAS Devices to Attack
Users of Synology and QNAP network-attached storage (NAS) devices are advised to seek fixes for several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol (AFP) that enables Unix-like operating systems to serve file servers for Mac.
Is the cybersecurity talent shortage a myth?
In this interview for Help Net Security, Ricardo Villadiego, CEO of Lumu, explains why he thinks the cybersecurity talent shortage is a myth and how organizations can overcome this challenge by improving technology.
41% of companies had an API security incident in the last year
In the wake of the wave of digital transformation, web application program interfaces (APIs) have grown exponentially, as the rise of integrated web and mobile offerings require much more data sharing between products.
Protect your digital banking: Tips for consumers and banks
In this interview for Help Net Security, Reza Zaheri, CSO at Quantum Metric, talks about digital banking security and what banks, as well as consumers, can do to protect their assets and data in today’s world of digital payments. .
Phishing attacks are skyrocketing, with retailers and wholesalers the most targeted
Zscaler has released the findings of a report that reviews 12 months of global phishing data from its security cloud to identify key trends, risky industries and geographies, and emerging tactics.
How to avoid compliance officer burnout
Much has been made of the sharp increase in burnout. The WHO defines burnout as a syndrome resulting from chronic stress at work that has not been successfully managed.
Cybersecurity of medical devices: what to expect in 2022?
Cybellum released a survey report on medical device cybersecurity, along with trends and predictions for 2022.
Kubernetes Security and Hygiene Principles
Traditional software security methods are not suitable for Kubernetes: a renewed set of security implementations are needed to make it less vulnerable.
Multi-Vector DDoS Attacks on the Rise, Blind and Persistent Attackers
Comcast Business has released the results of a report that provides insight into the distributed denial-of-service (DDoS) attack landscape, trends experienced by its customers, and insights to measure and mitigate risk.
The Hierarchy of Cybersecurity Needs: Why EASM is Critical to Any Zero-Trust Architecture
Zero trust was born out of the critical need to modernize an outdated IT architecture, which assumes that all of an organization’s assets – and those attached to them – must be implicitly trusted.
Manage and monitor third-party identities to protect your organization
SecZetta shared research that demonstrates a clear mismatch between the strategies organizations currently use and what is actually needed to protect them from cyberattacks due to third-party vulnerabilities.
Top 5 security analytics to measure
You don’t need a Ph.D. in cybersecurity to recognize the importance of security analytics. Security analytics uses data analysis – often aided by machine learning – to detect security threats and measure the effectiveness of security operations.
Shadow IT is a top concern with SaaS adoption
Torii announced a report revealing that 69% of technology leaders believe shadow computing is a top concern with the adoption of SaaS – or cloud applications.
Leadership and Recruitment Changes Needed to Address Cybersecurity Burnout
Most organizations, in almost every industry, have been forced to implement many digital components into their day-to-day operations in order to operate effectively.
Prevent HEAT attacks to thwart ransomware incidents
In this video for Help Net Security, Mark Guntrip, Senior Director of Cybersecurity Strategy at Menlo Security, talks about highly evasive adaptive threats (HEAT attacks).
Fraudsters answer security questions better than customers
Pindrop released a report revealing how companies could accidentally invite fraud, dark web threat merchants, and better-prepared bad actors to pass authentication.
Network attacks hit their highest level in 3 years
In this video for Help Net Security, Corey Nachreiner, CSO at WatchGuard Technologies, gives a high-level summary of the Internet Security Report for the fourth quarter of 2021, which revealed that all threats were on the rise, that it was network attacks or malware.
Do you need Cyber Asset Attack Surface Management (CAASM)?
In this video for Help Net Security, James Mignacca, CEO of Cavelo, talks about Cyber Asset Attack Surface Management (CAASM), which Gartner recently identified as an emerging technology.
MFA: A simple solution to protect your identity
In this video for Help Net Security, Dan Lohrmann, Field CISO at Presidio, talks about Multi-Factor Authentication (MFA) and how everyone should consider it to protect their identity and accounts.
Governments under attack must think defensively
In this video for Help Net Security, Tom Van de Wiele, Senior Security Consultant, Cybersecurity Services at WithSecure, talks about cyber threats targeting government organizations.
How to deal with the security challenges fueled by multicloud environments
In this video for Help Net Security, Jane Wong, VP of Security Products at Splunk, talks about the challenges enterprises face in securing their multicloud environments.
Modern bank robberies: how can they be thwarted?
In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, discusses threats to financial institutions and findings from the Modern Bank Heists 5.0 report.
How to make DevSecOps a reality
Every AppSec leader recognizes and admits that software development is accelerating and there is no way their current approach can keep pace. It is better to prevent incidents than to react to them after they have already occurred.
Don’t ignore the risks lurking in your own network
In this video for Help Net Security, Chris Waynforth, AVP Northern Europe at Imperva, talks about insider threats to organizations.
Download: CISO Guide to Choosing an Automated Security Questionnaire Platform
Failure to properly control vendor security can lead to data breaches, which can disrupt operations, damage customer trust, and result in severe regulatory penalties.
eBook: A Next Generation of Endpoint Protection
Our workforce has evolved rapidly, with millions of employees permanently working from home or transitioning to a hybrid environment. Unfortunately for cybersecurity, hackers aren’t confined to office walls.
Defense against cyberattacks: CIS Benchmarks + CDM + MITER ATT&CK
Six trillion dollars. This is what global cybercrime cost the global economy in 2021, according to Cybersecurity Ventures.
Cybercriminals deliver tax scams and phishing campaigns to the IRS by impersonating government vendors
Cybercriminals leverage advanced tactics in their phishing kits, giving them a high success rate of delivering spoofed emails containing malicious attachments just before the tax filing deadline ends. ‘IRS 2021 in the United States, April 18, 2022.
New infosec products of the week: April 29, 2022
Here’s a look at some of the hottest products from the past week, with releases from Akamai, Alert Logic, BreachBits, Kudelski Security, ThreatX, and Workato.