5.19.2019

Weekly review: New Intel processor vulnerabilities, attacked SharePoint servers

Here is a summary of the most interesting news and articles from the last week:

The high-risk Cisco Secure Boot Process vulnerability affects millions of devices
Red Balloon Security has discovered a high-risk security vulnerability in the Cisco secure boot process that affects a wide range of Cisco products in businesses and state-owned networks, including routers, switches and firewalls.

Tips to clean up and protect your company's social networks
Spring is a good time for organizations and businesses to review or reassess the security of their presence in social networks and related activities.

Identity theft victims could lead us to accept more friction to improve security
Too many people who have never been victims of identity theft and financial crimes do not understand how devastating they are to the victims.

Intel MDS Attack Mitigation: a general description
Intel has discovered that some of its processors are vulnerable to a series of new speculative execution attacks that could allow attackers to steal data and sensitive passwords.

Microsoft patches wormable RDP vulnerability, speculative execution side-channel vulnerabilities
Microsoft has released patches for 79 vulnerabilities, 22 of which are critical. Among the fixes is one for CVE-2019-0708, a "wormable" RDP flaw that attackers were expected to weaponize soon.

Despite the warnings, most users do not change their passwords
64% of users use the same password for some or all of their online accounts, while only 21% use a different password for each account.

The hidden danger of hijacked email reply chains
Although phishing has taken various forms since the 1990s, recent news has shown that it is evolving and remains a major threat. Today, phishing tactics are so sophisticated that it can be difficult to detect fraud, especially in the case of hijacked email reply chains.

What does it take to be an infosec product strategist?
Choosing the security product that best meets the needs of your business means wading through a "choppy sea polluted with ineffective security products" to navigate to the right, effective solution.

Websites continue to provide inadequate security one year after the GDPR
One year after the entry into force of the European Union's General Data Protection Regulation (GDPR), RiskIQ found that websites, including those of 10 of the UK's largest financial services companies, are still without adequate security measures.

How can we help cybersecurity analysts?
It is difficult today to be a cybersecurity analyst. In recent years, we have often been reminded of the challenges they face, notably through the constant flow of extensive data breaches that make headlines.

What should CISOs focus on when making strategic decisions?
The effectiveness of a business's security strategy and its implementation can sometimes be difficult to assess. Michael Hamilton, president and security director of CI Security, said the analysis of a number of key performance indicators may be useful.

WhatsApp flaw allowed spyware to be installed simply by calling the target
A security vulnerability in WhatsApp, the popular end-to-end encrypted messaging application, has allowed attackers to install spyware on smartphones without user interaction, the Financial Times reported.

CISOs: What would you do?
The first issue the CISOs raised was regret at not having developed a strategic plan for their new security programs. They found that they could have saved a lot of extra work and could have worked much faster if they had taken the time to develop a roadmap.

SharePoint servers targeted by CVE-2019-0604
CVE-2019-0604, a critical vulnerability that exposes unpatched Microsoft SharePoint servers to attack, was exploited by attackers to install a web shell.

Security spring cleaning: 5 tips for saving network backups
Networks need regular cleaning, just like a house, car or garage. Why? The answer is simple: poor security can lead to serious data breaches. If you do not regularly check your network, weaknesses and potential vulnerabilities can accumulate.

Half of the companies did not comply with the GDPR deadline, 70% admit that the systems will not develop further
According to a DataGrail survey, only half of the companies, despite two years' notice, were compliant with the GDPR by 25 May 2018.

Google offers free replacement for buggy Titan Security Keys
Misconfigured Bluetooth pairing protocols in Google's Titan Security Keys allow attackers to communicate with the user's security key or with the device the key is paired with, Google warned.

The cybersecurity skills shortage remains the leading cause of security incidents
The cybersecurity skills shortage has worsened for the third consecutive year and affects nearly three-quarters (74%) of organizations, according to the third annual survey of cybersecurity professionals by ISS and the independent industry analyst Enterprise Strategy Group (ESG).

Memory analysis is the ground truth
While most endpoint protection solutions focus on the symptoms or behaviors of a machine to detect suspicious activity, such as abnormal network connections or data leaks, the real threat lies in malicious code running in memory, which is what must be identified.

Organizations dissatisfied with WAF protection that is ineffective and time-consuming and expensive to manage
According to the Ponemon Institute report from Cequence Security, only 40% of companies are satisfied with their Web Application Firewall (WAF).

The six most important cyber security risks for the public services sector
The public services sector is rapidly modernizing its infrastructure by fitting its equipment, facilities and systems with more digitized devices and connectivity. This move towards "smart infrastructure" is a positive paradigm shift for the industry.

When things fail, companies need to share information about threats
IronNet's report on cybersecurity shows that a vast majority of IT security decision-makers are willing to share valuable data about threats, helping the private sector make better-informed decisions about cyber-attacks.

New infosec products of the week: May 17, 2019
An overview of infosec products launched last week.
