July 2020 - Page 4 of 5 - Cyber Security Minute

Cyberwarfare: The changing role of force

Issued by: Help Net Security

Novel malware, computer code and clandestine digital access are some of the unconventional weapons various countries are currently amassing and deploying. Whether used as a force multiplier for disinformation operations, for stand-alone projections of power or carefully calibrated escalations of conflict, cyber weapon use is growing on the international stage. Take as example the most…

Vulnerabilities

The crypto-agility mandate, and how to get there

Issued by: Help Net Security

To achieve long-term data protection in today’s fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are…

Vulnerabilities

USB storage devices: Convenient security nightmares

Issued by: Help Net Security

There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and…

Cloud Security

An effective cloud security posture begins with these three steps

Issued by: Help Net Security

Public cloud adoption continues to surge, with roughly 83% of all enterprise workloads expected to be in the cloud by the end of the year. The added flexibility and lower costs of cloud computing make it a no-brainer for most organizations. Yet while cloud adoption has transformed the way applications are built and managed, it…

Software Security

July 2020 Patch Tuesday forecast: Will the CVE trend continue?

Issued by: Help Net Security

Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange…

Malware & Threats

New DOE document names China, Russia as threats to US bulk power system

Issued by: CSO

On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk Power System that seeks to remove from the power grid crucial electric equipment supplied by vendors from foreign adversarial nations. Yesterday, the Department of Energy (DOE), Office of Electricity issued a request for information (RFI) “seeking information to understand…

Vulnerabilities

What is the Risk Management Framework (RMF)? A standardized security framework from the DoD

Issued by: CIO Security

The Risk Management Framework (RMF) was first developed by the Department of Defense (DoD) to act as criteria for strengthening and standardizing the risk management process of information security organizations. The framework later became widely adopted by the rest of the U.S. federal information systems in 2010. While originally developed by the DoD, the National…

Network Security

How to protect Windows networks from ransomware attacks

Issued by: CSO

Honda’s Customer Service and Financial Services were apparently hit by a ransomware attack recently. Kaspersky found samples in the VirusTotal database that make it appear that the company was targeted by the Snake ransomware. This incident made me think about what we can learn from how Honda was targeted to better protect Windows networks from…

Vulnerabilities

Researchers discover how to pinpoint the location of a malicious drone operator

Issued by: Help Net Security

Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and…

Software Security

Elasticsearch security: Understand your options and apply best practices

Issued by: Help Net Security

The ever-escalating popularity of Elasticsearch – the distributed open source search and log analytics engine that has become a staple in enterprise application developers’ tool belts – is well-warranted. Elasticsearch security lapses, however, have been a headline-grabbing thorn in the side of the technology. The distributed document store too often represents a security blind spot…