Date: 2021-07-18



Here’s a summary of the most interesting news, articles, and interviews last week:

(IN)SECURE Magazine No. 69 Released
(IN)SECURE Magazine is a free digital security publication that discusses some of the hottest information security topics. Issue 69 was published today. It’s a free download, no registration required.

U.S. Government Establishes Ransomware Task Force, Offers $10 Million Reward for Information
The U.S. government has established an inter-ministry ransomware task force, a hub of ransomware resources, and is offering $10 million for information about state-sponsored cyber attackers.

Explosive Zero-day Exploits: Bad News and Good News
Have you noticed that you are hearing more lately about in-the-wild attacks that exploit zero-day vulnerabilities? Researchers at Google’s Threat Analysis Group (TAG) pointed out in a recent blog post that, as of mid-2021, 33 zero-day exploits used in attacks have been publicly disclosed this year, 11 more than the total for 2020.

Patch Tuesday, July 2021: Microsoft has fixed four actively exploited bugs
Microsoft has released patches for 117 CVEs, 13 of which are considered critical. Six of the total are publicly known and four are being actively exploited (including CVE-2021-34527, also known as PrintNightmare).

SolarWinds Patches Vulnerability Exploited in Zero-Day Attacks (CVE-2021-35211)
SolarWinds has released an emergency patch for CVE-2021-35211, an RCE vulnerability affecting Serv-U Managed File Transfer and Serv-U Secure FTP that is being exploited in the wild.

How Microsoft Drives Cloud-Based Innovation in Azure Space Across the Earth
Stephen Kitay, a former Secretary of Defense Assistant to Space Policy and now a Senior Director of Microsoft Azure Space, shared his thoughts on the topic with Help Net Security.

Gmail enhances email security by adding support for BIMI
Going forward, organizations that deploy Domain-based Message Authentication, Reporting and Conformance (DMARC) can increase Gmail recipients’ confidence in the emails, newsletters, receipts, and offers they send by automatically displaying the company logo.

A critical vulnerability in Schneider Electric Modicon PLC could lead to RCE (CVE-2021-22779)
Armis researchers have discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that could lead to remote code execution (RCE).

The Rise and Importance of Developer Experience Engineers
In a world of increasing reliance on digital products, software development is becoming a catalyst for value creation and top-line business outcomes. Innovation is increasing productivity at each level of the industry. This is especially true for technology frontier companies seeking innovation in response to competition. In many cases, this means developing new software at pace.

IT, healthcare and manufacturing are top targets for cyberattacks
Avanan has released a report analyzing today’s threat landscape, phishing vectors and industry-based attacks, which reveals healthcare and manufacturing as two of the top targets of cyberattacks in the first half of this year.

54% of companies have policies to combat ransomware attacks
According to a report from Databarracks, 54% of companies have a predefined policy to deal with ransomware attacks, whether that means paying the ransom, relying on insurance policies, or refusing to pay.

What is next on the agenda for the Chief Compliance Officer?
A discussion with Chris Audet, Senior Director at Gartner, reviewing what is next on the agenda for global compliance leaders.

Health Insurance Companies Face an Increased Risk of Customer Data Theft
The US health insurance industry faces an increased risk of cybersecurity threats as telemedicine offerings expand, the digitalization of insurance transactions, clinical records and claims progresses, and the technology used by cyber criminals becomes more sophisticated.

How do I choose the right third-party risk management solution for my business?
There are many factors to consider when choosing the right third-party risk management solution for your business. We talked to industry experts to gain insights on this topic.

1 in 5 companies fail PCI compliance assessments of their infrastructure
According to a recent poll by SentryBay, more than 21% of the surveyed companies are failing the major PCI compliance assessments, which are designed to ensure that their infrastructure can maintain high security standards when processing customer card payments. In addition, a further 29.3% said they were not confident in their compliance with PCI DSS.

79% of organizations recognize threat modeling as a top priority in 2021
Security Compass has released the results of a report designed to better understand the current state of threat modeling in medium-sized ($100 million to $999 million) and large ($1 billion or more) enterprises, with a particular focus on the challenges organizations face when scaling threat modeling for the applications they build and deploy.

How Much Does an Insider’s Data Leakage Cost?
Corporate data is at risk as companies move out of the pandemic and 40% of their employees plan to change jobs. Files are uploaded, shared, synced, and emailed by employees as a normal part of day-to-day operations or in preparation for their next role at a different organization. The very same technology that allows data to flow freely within an organization also allows insiders to easily steal data.

Overcoming Human Hacking Needs More Than MFA
Multi-factor authentication (MFA) is a much-needed addition to an effective cyber defense strategy, but it is by no means foolproof. In fact, no single security measure can be considered completely effective when confronting threat actors who use automation to evade detection and identify weaknesses in a company. Instead, organizations should see MFA as another layer of security that helps mitigate the risk of potential breaches.

Paving the way for women in industrial cybersecurity research
The first step in bringing more women into the field of cybersecurity, and the greatest catalyst for success in the industry, is inspiration and mentorship by women. We are at a turning point in the security industry, where women are stepping into the conversation and taking the lead, all for good reason.

Rebuilding the security culture when employees return to the office
By returning to the office, security teams can focus again on the areas of their insider risk management programs that may have been swept under the rug while working remotely. As employees reunite for the first time in a while, it’s a good time for businesses to rebuild a stronger office security culture between employees and security teams.

Cybercriminals are customizing malware for attacks on virtual infrastructure
Cyber incidents continue to grow, with ransomware accounting for nearly two-thirds of all malware attacks, and Positive Technologies has found that more and more cybercriminals are customizing malware for attacks on virtual infrastructure.

Understanding and blocking five common cybersecurity exploit techniques
Doing so requires in-depth system knowledge and continuous monitoring of all applications. You need an advanced next-generation cyber protection solution with exploit protection.

Ensuring HIPAA compliance when using the cloud
Failure to comply with HIPAA rules can be costly for healthcare providers. In fact, you can be fined up to $50,000 for each violation. In 2019 alone, the US Department of Health and Human Services Office for Civil Rights (OCR) levied a huge fine of $15.2 million for HIPAA violations.

Addressing today’s evolving cybersecurity threats requires a more dynamic approach
As they slowly but surely emerge from crisis lockdowns and all-out telecommuting, companies need to reassess their approach to cybersecurity and to the increasing number and variety of attacks. Organizations need a radical rethink to ensure that they are set up to continually adapt and evolve in response to the rapidly changing nature of threats.

The actual cost of MSSPs not implementing new tech
Enterprises have a lot to manage as their infrastructure grows and scales into increasingly complex cloud computing environments. They often secure a strong security regime with the help of professionals, outsourcing the work to managed security service providers (MSSPs).

How to Balance Privacy and Personalization in Healthcare and Beyond
The trade-off between the widespread adoption of technology and its responsible use often lies within the realm of privacy. When it comes to data-driven technologies such as artificial intelligence (AI), it’s even harder to balance fair access with inherent risks. This is strongly felt in the healthcare industry, where regulations on information sharing are generally stricter than in other industries.

Addressing the Cybersecurity Skills Gap: Where to Go From Here?
There are an estimated 3.21 million cybersecurity jobs that need to be filled, more than twice the current number of workers in this area. Given this dramatic gap, it is important for businesses, students and the industry to prioritize working together to protect against cyberattacks.

Threat Landscape in 2020: See What Evaded Perimeter Defenses
Today’s reality is that security breaches happen. There are too many advanced attackers, and they are too determined, to be caught by perimeter defenses. It’s relatively easy to exploit vulnerabilities at the edge of the network or trick users into granting access to devices.

Product Showcase: ESET Cybersecurity Awareness Training
ESET Cybersecurity Awareness Training is specially designed to educate employees, as human error is cited as the leading cause in 95% of all breaches (IBM). Nearly one-third of all data breaches are associated with successful phishing attempts, and the CyberRisk Alliance estimates that a company falls victim to ransomware every 40 seconds.

New infosec products of the week: July 16, 2021
An overview of the infosec products released that week.

