February 2020 - Page 2 of 4 - Cyber Security Minute

High-risk vulnerabilities and public cloud-based attacks on the rise

Issued by: Help Net Security

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 MySQL vulnerabilities—there was an unusual increase in the vulnerabilities risk component within the Index. Specifically, there…

Cloud Security

Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps

Issued by: Help Net Security

44% of malicious threats are cloud enabled, meaning that cybercriminals see the cloud as an effective method for subverting detection, according to Netskope. “We are seeing increasingly complex threat techniques being used across cloud applications, spanning from cloud phishing and malware delivery, to cloud command and control and ultimately cloud data exfiltration,” said Ray Canzanese,…

Application Security, Network Security

Most credential abuse attacks against the financial sector targeted APIs

Issued by: Help Net Security

From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report’s…

Malware & Threats

Recent ransomware attacks define the malware’s new age

Issued by: CSO

History of ransomware Ransomware, a type of malware that holds data for ransom, has been around for years. In 1991, a biologist spread PC Cyborg, the first ransomware, by sending floppy disks via surface mail to other AIDS researchers, for instance. In the mid ’00s Archiveus was the first ransomware to use encryption, though it’s…

Vulnerabilities

A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above

Issued by: Help Net Security

Risk Based Security’s VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above. 2019 Year End Vulnerability QuickView Report Risk Based Security also identified a total of 302…

Vulnerabilities

The top four Office 365 security pain points

Issued by: Help Net Security

Many novice Office 365 (O365) shops do not know where platform-specific security vulnerabilities lie, or even that they exist. The threats that you are unaware exist do not cause pain until they rise up and bite – then the agony is fierce. Companies get themselves into trouble when they do not fully understand the way…

Network Security

Focus on cyber resilience increasing sharply as oil companies seek to protect their assets

Issued by: Help Net Security

Cybersecurity has emerged as the top focus of upstream oil and gas companies’ digital investments, according to a report from Accenture. The report is based on a global survey of 255 industry professionals, including C-suite executives, functional leaders and engineers. Increased investments in cybersecurity When respondents were asked which digital technologies their organizations are investing…

Network Security

IT and business process automation growing with cloud architectures

Issued by: Help Net Security

Many organizations are starting to realize the benefits of increased scale and velocity of application deployment in their businesses, according to F5 Networks. This value, however, can bring significant complexity as organizations maintain legacy infrastructure while increasingly relying on multiple public and private clouds, implement modern application architectures, and face an evolving and sophisticated threat…

Vulnerabilities

Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin

Issued by: Security Week

ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes. Researchers at web security company WebARX discovered recently that versions 1.3.4 through 1.6.1 of the plugin are affected by a critical vulnerability that allows an unauthenticated attacker to wipe the entire database of…

Application Security

Three API security risks in the wake of the Facebook breach

Issued by: Help Net Security

Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personally identifiable information. A “View As” feature that enabled developers to render user pages…