Review of the week: vulnerabilities of Realtek chips, attacked NAS devices, exhaustion of security teams
Here’s a look at some of the most interesting news, articles and interviews from the past week:
Attacked NAS devices: how to protect them?
Network Attached Storage (NAS) devices are a useful solution for storing, managing and sharing files and backups and as such they are an attractive target for cyber criminals.
65 vendors affected by serious vulnerabilities in Realtek chips
A vulnerability in the Realtek RTL819xD module allows attackers to gain full access to the device, installed operating systems, and other network devices.
Critical Bug Allows Remote Compromise, Control of Millions of IoT Devices (CVE-2021-28372)
A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to compromise and control them remotely, Mandiant researchers found. Other attacks are possible depending on the functionality exposed by a device.
How do I select a CPaaS solution for my business?
To select the right CPaaS solution for your business, you need to consider a number of factors. We spoke to several industry professionals to get their perspective on the subject.
Unpatched Fortinet FortiWeb Vulnerability Allows Remote OS Command Injection
An unpatched vulnerability in the management interface of FortiWeb, Fortinet’s web application firewall, could allow a remote and authenticated attacker to execute arbitrary commands on the system, discovered Rapid7 researcher William Vu .
Return of Houdini malware, risk assessment of business compromised by Amazon Sidewalk
Cato Networks announced the results of its analysis of 263 billion corporate network streams between April and June 2021. Researchers have shown a new use of Houdini malware to promote device impersonation.
Increase in phishing attacks in the first half of 2021, sharp rise in crypto attacks
Overall, the first half of 2021 shows a 22% increase in the volume of phishing attacks compared to the same period last year, reveals PhishLabs. Notably, however, the phishing volume in June fell dramatically for the first time in six months, immediately following a very high volume in May.
Even the US President wants zero trust: here’s how to make it a reality
President Biden’s decree on improving the country’s cybersecurity requires agency heads to develop a plan to implement a zero-trust architecture to effectively mitigate cyber risks.
Where are we in terms of multi-cloud maturity?
In this interview with Help Net Security, Melissa Sutherland, Senior Vice President at Booz Allen Hamilton, talks about multi-cloud maturity, cloud migration strategies, as well as the evolution of the cloud in the near future.
The warning signs of burnout and how to deal with it
Burnout is the word used to describe acute burnout when your job becomes overwhelming and too stressful. This can lead to poor performance, absenteeism or resignations. It is a real problem in many industries, but it is extremely prevalent in information security due to the long hours and high pressure.
T-Mobile Data Breach: Industry Reactions
T-Mobile is investigating a claim that up to 100 million accounts may have been compromised in a data breach.
How to foster collaboration with the IT team for a successful zero-trust implementation
The conversation surrounding deploying a zero trust strategy continues to gain importance following the announcement of President Biden’s recent executive order, which requires federal agencies to create a plan to adopt this security architecture. As more and more private sector companies examine how to effectively implement this important security policy, questions remain about how to mitigate the challenges and alleviate the difficulty of its deployment, use and maintenance. its management.
Cybersecurity is a top priority for companies moving to digitally driven business models
90% of companies have yet to meet their digital goals, and 49% admit cybersecurity is the top priority for their business, a Tata Communications report reveals.
How building a world-class SOC can alleviate security team burnout
For security leaders, building a mature security operations center is about establishing robust processes that bring teams and technology together for success. Yet many SOC teams are stuck in fighting fires without the time, staff, resources, or visibility they need to function effectively.
As demand for data grows, so do data supply chain challenges
Data providers are unable to effectively deliver relevant data to a growing number of data consumers, according to a 451 Research survey.
Collaboration is the key to protecting critical national infrastructure
Concern about the protection of critical national infrastructures (CNI) is growing. After several high-profile attacks and growing tensions around state-sponsored cyber activity, the threat landscape will only intensify. Ransomware has received particular attention in recent months due to several stories that have made the headlines.
Most Employees Reuse Personal Passwords to Protect Company Data
Almost two-thirds of employees use personal passwords to protect company data, and vice versa, and even more business leaders are concerned about this problem. Surprisingly, 97% of employees know what constitutes a strong password, but 53% admit they don’t always use one.
The 3 Rs of visibility for any cloud journey
Dealing with an incident requires not only prompt notification of the incident, but the ability to sort out the cause of the incident, the ability to perform forensic analysis, identify what other systems, users, devices and applications have been compromised or affected by the incident, identify the magnitude or impact of the incident, the duration of the activity that led to the incident and many other factors.
SME awareness of GDPR is high, but few adhere to its legal requirements
85% of small and medium-sized businesses (SMEs) in the UK are aware of GDPR, but more than half still do not clean their data and therefore do not comply with GDPR legal requirements, reveals a survey by the REaD group.
Zero Trust Network Access: A Secure Path to a Better Employee Experience
Trust is a fundamental element of society. When we engage in a social or business interaction, we need to be able to trust the people we are dealing with. And yet, one of the most discussed IT security concepts today is the zero trust network architecture. It may sound like a paradox, but zero trust is the path to a safer, more employee-friendly way for employees to interact with business applications and data.
(ISC) ² continuing professional training guide
(ISC) ² offers a wide variety of development activities to help you stay ahead of changing trends and keep your skills up to date. We understand your time is precious, so we’ve created rewarding activities with flexible options to fit your busy schedule.
New infosec products of the week: August 20, 2021
Here’s a look at some of the more interesting product releases from the past week, with releases from FireEye, SailPoint, FORESEE, Digital Guardian, and GrammaTech.