Week in review: PAN-OS flaws, securing AD accounts against password-based attacks – Help Net Security

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Popular Android apps are rife with cryptographic vulnerabilities
Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities.

How to protect yourself from the hidden threat of evasive scripts
While Emotet is one example of a threat that uses scripts as part of its evasive strategy, there are many other types of script-based evasion techniques organizations need to be aware of to keep their systems secure.

How to add 2FA to your Zoom account
Video conferencing platform Zoom is finally offering all users the option to enable two-factor authentication (2FA) to secure their accounts against credential stuffing attacks and attacks leveraging phished login credentials.

September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
This September 2020 Patch Tuesday covers security updates by Microsoft, Adobe, Intel and SAP.

Mapping the motives of insider threats
Insider threats can take many forms, from the absent-minded employee failing to follow basic security protocols, to the malicious insider, intentionally seeking to harm your organization.

Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls
Palo Alto Networks remediated vulnerabilities in PAN-OS (operating system version 8.1 or later).

How does XDR improve enterprise security in the face of evolving threats?
Cybercriminals will never run out of ways to breach the security protocols enterprises put in place. As security systems upgrade their defenses, attackers also level up their attacks. They develop stealthier ways to compromise networks to avoid detection and enhance the chances of penetration.

Four ways network traffic analysis benefits security teams
The march towards digital transformation and the increasing volume of cyberattacks are finally driving IT security and network teams towards better collaboration. This idea isn’t new, but it’s finally being put into practice at many major enterprises.

How COVID-19 affected remote work, customer engagements, and return to the office plans
Top-tier enterprises were 2.6 times as likely to have grown revenue, 2.5 times as likely to have reached profit goals and 2.1 times as likely to have high employee satisfaction numbers during the COVID-19 pandemic, according to a Catchpoint survey of 200 enterprise CIOs and 200 enterprise work-from-home (WFH) managers.

Securing Active Directory accounts against password-based attacks
Most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable (e.g., sequential) keystroke patterns, password variations, well-known substitutions, single words from a dictionary and – above all – reusing the same password for many different private and enterprise accounts.

Ensuring cyber awareness in the healthcare sector
As a result of the COVID-19 pandemic, healthcare professionals have increased their reliance on the internet to carry out their jobs. From connectivity with patients, to the interconnectivity of different medical devices passing patient data, the threat vector has expanded dramatically, so cyber awareness has become crucial.

Researchers develop secure multi-user quantum communication network
The world is one step closer to having a totally secure internet and an answer to the growing threat of cyber-attacks, thanks to a team of international scientists who have created a multi-user quantum communication network which could transform how we communicate online.

What happens to funds once they have been stolen in a cyberattack?
SWIFT and BAE Systems published a report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber attack.

Internet Impact Assessment Toolkit: Protect the core that underpins the Internet
The Internet Society has launched the first-ever regulatory assessment toolkit that defines the critical properties needed to protect and enhance the future of the Internet.

Most compliance requirements are completely absurd
Compliance is probably one of the dullest topics in cybersecurity. Let’s be honest, there’s nothing to get excited about because most people view it as a tick-box exercise. It doesn’t matter which compliance regulation you talk about – they all get a collective groan from companies whenever you start talking about it.

How can the C-suite support CISOs in improving cybersecurity?
Among the individuals charged with protecting and improving a company’s cybersecurity, the CISO is typically seen as the executive for the job. That said, the shift to widespread remote work has made a compelling case for the need to bring security within the remit of other departments.

How do I select a remote workforce protection solution for my business?
To select a suitable remote workforce protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Developing a plan for remote work security? Here are 6 key considerations
With so many organizations switching to a work-from-home model, many are finding security to be increasingly difficult to administer and maintain. There is an influx of vulnerable points distributed across more locations than ever before, as remote workers strive to maintain their productivity. The result? Security teams everywhere are being stretched.

Plan for change but don’t leave security behind
COVID-19 has upended the way we do all things. In this interview, Mike Bursell, Chief Security Architect at Red Hat, shares his view of which IT security changes are ongoing and which changes enterprises should prepare for in the coming months and years.

Cybersecurity after COVID-19: Securing orgs against the new threat landscape
The global pandemic has exposed new cracks in organizations’ cyber defenses, with a recent Tenable report finding just under half of businesses have experienced at least one “business impacting cyber-attack” related to COVID-19 since April 2020.

Product showcase: Cynet 360, 2020 Fall Platform Update
The Cynet 360 platform is built on three pillars: Extended Detection and Response (XDR), Response Automation and Managed Detection and Response (MDR). These three components together provide what Cynet calls Autonomous Breach Protection – essentially breach protection on autopilot. Let’s look at each of these components.

(ISC)² Exam Action Plan: Get your certification goals on track for success
Every (ISC)² member started out by committing to and passing one of our certification exams. No matter which certification you choose, you’ll find everything you need to prepare for the big day in the (ISC)² Exam Action Plan.

Author: HOCAdmin