Here’s a look at some of the most interesting news, articles and interviews from the past week:
March 2022 Patch Tuesday Forecast: Pressure Mounts to Fix Vulnerabilities
The February 2022 Patch Tuesday was an anomaly. Not only did we see a record number of vulnerabilities addressed across all of Microsoft’s operating systems, but we also saw for the first time in my experience that all updates were only rated as important.
How to empower IT security and operations teams to anticipate and resolve IT issues
Any IT system administrator knows the misery of dealing with a problem whose root cause requires hours (and sometimes days) to be unearthed, while part of the IT infrastructure entrusted to him is unavailable to users, open to attack or not compliant with mandatory security standards.
SDP solutions are real ZTNA solutions: they don’t trust anyone
In this interview with Help Net Security, Alissa Knight, cybersecurity influencer and partner at Knight Ink, discusses why businesses should move to SDP over VPN, and how this approach can help strengthen their cybersecurity posture.
Cybercrime is becoming more and more destructive, teleworkers in the crosshairs
Fortinet threat intelligence from the second half of 2021 reveals an increase in attack automation and speed demonstrating more advanced, more destructive and unpredictable persistent cybercrime strategies.
How do I select a CDR solution for my business?
In the file sharing process, what’s critical for every organization is ensuring that malware doesn’t follow, and that’s where a Content Disarming and Reconstruction (CDR) solution comes in handy.
Security officials want legal action for not fixing Log4j
The recently identified vulnerability in the Java Log4j logging package has created headaches for security professionals around the world.
Leveraging Mobile Networks to Threaten National Security
In this interview with Help Net Security, Rowland Corr, Director of National Security Intelligence at AdaptiveMobile Security, discusses how mobile networks can be exploited as part of a cyber warfare strategy, why it’s a growing national concern, and how to put implement defenses against such sophisticated attacks.
Malicious actors are better at evading AI/ML technologies
The Deep Instinct Threat Research team extensively monitored attack volumes and types, then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers and, most importantly, , outline the steps organizations can take now to protect themselves in the future.
The biggest threat to ICS/OT is a lack of prioritization
SANS investigation reveals that cyber attackers have demonstrated a strong understanding of operational technology (OT) and industrial control system (ICS) engineering and have carried out attacks that access and negatively impact operations and human security.
What is Ransomware Protection as a Service?
Ransomware attacks have devastating consequences for many businesses. These go beyond monetary loss from ransom-encrypted data and include interrupted operations, unhappy customers, regulatory fines and, even worse, reputational damage that can be difficult to overcome.
Lack of visibility affecting ICS environments
Dragos released his report on Cyber Threats Facing Industrial Organizations, citing the emergence of three new threat groups targeting ICS/OT environments, two of which gained access to industrial organizations’ OT systems.
Why Banks Should Integrate Software Bill of Materials (SBOM) into their Third-Party Risk Programs
In the face of rising cybersecurity threats, the Biden administration issued an executive order in May 2021 calling for supply chain improvements. Among the recommended requirements is a Software Bill of Materials (SBOM) for government-contracted software vendors.
Phishing attacks hit record high in December 2021
APWG recorded 316,747 phishing attacks in December 2021, the highest monthly total seen since its reporting program began in 2004. Overall, the number of phishing attacks has tripled since the start of 2020.
Navigating Data Privacy in the Higher Education Ecosystem
The need for academic institutions to become data privacy advocates is paramount. Over the past 24 months, higher education institutions have accelerated digital transformation initiatives.
How to protect the intellectual property of your medical device against cyberattacks
Protecting intellectual property (IP) has always been a priority for medical device manufacturers, as competitors and even governments constantly attempt to compromise or steal intellectual property.
Applications, devices and workloads form the ecosystem cornerstone for trustless growth
As cybersecurity professionals, we admit it: zero trust has become the industry’s biggest buzzword. Some argue that it is a principle, others argue that it is a framework, still others that it is primarily an architecture.
Take a dev-centric approach to cloud-native AppSec testing
The era of the cloud-native application is well and truly here: IDC researchers have predicted that by 2023, more than 500 million applications will be developed using cloud-native approaches!
Product showcase: SharePass – Simplified secure communication
We all know the numbers. Data breaches are up 30% year over year, ransomware is rampant with no signs of slowing down, and identity theft reports have doubled to almost 1.5 million a year.
Open XDR Summit: Show how Open XDR is transforming security operations today
Open XDR Summit is a community of cybersecurity professionals who use Open XDR to cost-effectively reduce risk while dramatically improving productivity and confidence.
Infosec Products of the Month: February 2022
Here’s a look at the hottest products from the past month, with releases from: Arista Networks, Blueshift Cybersecurity, Bugcrowd, Cato Networks, Cofense, CoSoSys, Cybellum, Cymulate, Darktrace, DataStax, F5 Networks, Federal Reserve, Forcepoint, Gigamon, Gretel, Juniper Networks, Mandiant, MyCena, NetSPI, Ondato, Orca Security, Ping Identity, Qualys, Runecast, ShiftLeft, Spin Technology, Stellar Cyber, Sumo Logic, SynSaber, Tenable, and Verimatrix.
New infosec products of the week: March 4, 2022
Here’s a look at some of the hottest products from the past week, with releases from Anomali, CybeReady, Endace, Enzoic, Palo Alto Networks, Perimeter 81, Secret Double Octopus, and VMware.