Here’s an overview of some of last week’s most interesting news, articles and interviews:
March 2022 Patch Tuesday forecast: Pressure mounts to resolve vulnerabilities
February 2022 Patch Tuesday was an anomaly. Not only did we see record low numbers of vulnerabilities addressed across all of Microsoft’s operating systems, but we also saw for the first time in my experience that all the updates were only rated Important.
How to empower IT Sec and Ops teams to anticipate and resolve IT problems
Every IT system administrator knows the misery of facing a problem for which the root cause requires hours (and sometimes days) to unearth, all the while part of the IT infrastructure entrusted to them is unavailable to users, open to attack, or not compliant with mandatory security standards.
SDP solutions are true ZTNA solutions: They trust no one
In this interview with Help Net Security, Alissa Knight, cybersecurity influencer and partner at Knight Ink, explains why organizations should switch to SDP as opposed to VPN, and how this approach can help boost their cybersecurity posture.
Cybercrime getting more destructive, remote workers in the crosshairs
Fortinet’s threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable.
How do I select a CDR soluton for my business?
In the process of file sharing, what is essential for every organization is to make sure malware doesn’t tag along, and this is where a content disarm and reconstruction (CDR) solution comes in handy.
Security leaders want legal action for failing to patch for Log4j
The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world.
Leveraging mobile networks to threaten national security
In this interview with Help Net Security, Rowland Corr, Director of National Security Intelligence at AdaptiveMobile Security, explains how mobile networks can be leveraged as part of a cyber warfare strategy, why is this a growing national concern, and how to implement defences against such sophisticated attacks.
Bad actors are becoming more successful at evading AI/ML technologies
Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lays out the steps organizations can take now in order to protect themselves in the future.
The biggest threat to ICS/OT is a lack of prioritization
A SANS survey reveals that cyber attackers have demonstrated a robust understanding of operational technology (OT) and industrial control system (ICS) engineering and have conducted attacks that gain access and negatively impact operations and human safety.
What is Ransomware Protection as a Service?
Ransomware attacks have devastating consequences for many businesses. Those go beyond the monetary loss tied to ransom-encrypted data, and include disrupted operations, unhappy customers, regulatory fines, and—worst of all—reputational damage that can be hard to overcome.
Lack of visibility plaguing ICS environments
Dragos released its report on cyber threats facing industrial organizations, naming the emergence of three new threat groups targeting ICS/OT environments, including two that have gained access into the OT systems of industrial organizations.
Why banks should incorporate software bill of materials (SBOM) into their third-party risk programs
In the face of rising cybersecurity threats, the Biden administration issued an executive order in May 2021 calling for improvements in the supply chain. Among the recommended requirements is a software bill of materials (SBOM) for software vendors contracting with the government.
Phishing attacks hit all-time high in December 2021
APWG saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it begain its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.
Navigating data privacy in the higher education ecosystem
The need for academic institutions to become data privacy advocates is paramount. Over the past 24 months, higher education institutions have accelerated digital transformation initiatives.
How to keep your medical device IP safe from cyber attacks
Guarding intellectual property (IP) has always been a priority for medical device manufacturers as competitors and even nation states are constantly trying to compromise or steal IP.
Apps, devices and workloads provide an ecosystem cornerstone for zero trust growth
As cybersecurity professionals, we admit it: zero trust has become the industry’s biggest buzzword. Some argue it’s a principle, others argue it’s a framework, others still that it’s mostly an architecture.
Take a dev-centric approach to cloud-native AppSec testing
The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more that 500 million apps will be developed using cloud-native approaches!
Product showcase: SharePass – Secure communication made simple
We all know the numbers. Data breaches are up 30% year over year, ransomware runs rampant without showing any signs of slowing, and identity theft reports have doubled to nearly 1.5 million per year.
Open XDR Summit: Showing how Open XDR transforms security operations today
Open XDR Summit is a community of cybersecurity professionals who are using Open XDR to cost-effectively reduce risk while dramatically improving productivity and confidence.
Infosec products of the month: February 2022
Here’s a look at the most interesting products from the last month, featuring releases from: Arista Networks, Blueshift Cybersecurity, Bugcrowd, Cato Networks, Cofense, CoSoSys, Cybellum, Cymulate, Darktrace, DataStax, F5 Networks, Federal Reserve, Forcepoint, Gigamon, Gretel, Juniper Networks, Mandiant, MyCena, NetSPI, Ondato, Orca Security, Ping Identity, Qualys, Runecast, ShiftLeft, Spin Technology, Stellar Cyber, Sumo Logic, SynSaber, Tenable, and Verimatrix.
New infosec products of the week: March 4, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Anomali, CybeReady, Endace, Enzoic, Palo Alto Networks, Perimeter 81, Secret Double Octopus, and VMware.