Weekly Review: Electronic Warfare, Cybersecurity Career Plan, Patch Tuesday Predictions

Here’s a look at some of the most interesting news, articles and interviews from the past week:

October 2021 Patch Tuesday forecast: Halloween arrived early this year
Halloween isn’t until the end of the month, but there has already been a lot of spooky activity leading up to this patch on Tuesday. PrintNightmare and Apple’s zero days are just a few that have made the news.

Software security and trust remain the top priority for buyers
Faster decision making, credit card transactions instead of negotiated contracts, and the almost ubiquitous use of peer review sites are all part of the new normal in buying business software, which increasingly resembles B2C buying behavior, G2 study reveals.

Researchers discover ransomware that encrypts virtual machines hosted on an ESXi hypervisor
Sophos has released details of new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor. The report details a sniper-like operation that took less than three hours to go from breach to encryption.

Do you have a plan for your cybersecurity career? It’s time to gain skills!
Gerald Auger is Managing Partner at Coastal Information Security Group and Chief Content Creator at Simply Cyber. In this interview with Help Net Security, he talks about the cybersecurity skills shortage, the value of certification, as well as the “Cybersecurity Career Master Plan,” a book he co-authored.

Domain security remains an underused component to curb attacks
Despite the move to modernize business environments and operations among Global 2000 companies, web domains remain dangerously under-protected, according to CSC.

How collaboration between IT professionals and senior leaders could drive the future of risk mitigation
What is an acceptable level of risk for IT professionals and their organizations? The answer to this question has changed in recent years, with the threat landscape changing dramatically both due to global events and the increasing sophistication of attacks by cyber hackers.

The cybersecurity challenges facing organizations remain complex and numerous
New thinking about cybersecurity policies, processes, people and products is needed for organizations to reverse perceptions, and perhaps realities, that they are falling behind in their preparation, new report from CompTIA says .

IoT security of critical infrastructures: back to basics
In this interview with Help Net Security, James Carder, CSO & VP of Labs at LogRhythm, talks about the IoT security of critical infrastructure, the vulnerabilities that plague this type of technology, and how to tackle the growing number of cybersecurity threats. .

How CISOs plan to accelerate automation adoption
ThreatQuotient has released the Cyber ​​Security Automation Adoption Status in 2021, new research focused on understanding the importance, challenges and trends facing businesses and their CISOs in automation. computer security systems.

Combat vulnerability fatigue with automated security validation
The introduction of log monitoring (e.g. SIEM), firewall, and AV technologies more than two decades ago has provided valuable tools for IT teams to be alerted to known suspicious network behaviors. However, as time passes and digital transformation reaches an all-time high, the underlying technologies that support security teams in their day-to-day operations have not changed.

Large ransom demands and password guessing attacks escalate
ESET has published a report that summarizes key statistics from its detection systems and highlights notable examples of its cybersecurity research.

What technologies can help legal and compliance teams navigate a changing risk landscape?
In this interview with Help Net Security, Zack Hutto, director of advisory services within Gartner’s legal and compliance practice, talks about the challenges legal and compliance teams face and the technologies that can help them.

ATO attacks increased by 307% between 2019 and 2021
Sift released a report that details the scalable methods used by fraudsters to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud network that sought to overwhelm online merchants by innovating against typical credential stuffing campaigns.

Five proven techniques for effective fraud management
Whether you are a small business or a large multinational organization, you are not immune to the repercussions of fraudulent activity. Fraud can have a negative financial impact on an organization and can erode the trust of current and future customers, as well as investors in a business.

91.5% of malware arrived via encrypted connections in Q2 2021
WatchGuard’s latest report shows an astonishing 91.5% of malware arriving through encrypted connections during the second quarter of 2021. This is a dramatic increase from the previous quarter and means any organization that doesn’t review no perimeter encrypted HTTPS traffic is missing 9/10 of all malware.

Electronic warfare: the critical ability to dominate the electromagnetic spectrum
In this interview with Help Net Security, Nick Myers, Director of Business Development, Electronic Combat Solutions at BAE Systems, talks about the evolution of electronic warfare, how it works, and why it’s important to invest in such technology.

Barriers and threats organizations face when protecting AD
Attivo Networks announced the availability of a research report conducted by Enterprise Management Associates (EMA) that focuses on Active Directory (AD), exploring the barriers and threats organizations face when protecting AD and how they work. ‘adapt to meet these growing concerns.

To adapt to new security threats in the cloud, look for “old” technologies
While there is a time and place to integrate additional cloud security solutions, it can also be easy to fall prey to the shiny object syndrome surrounding emerging solutions created in response to new security threats. Before you rush to invest in a new solution, however, remember that matching additional solutions to emerging threats in an individual punching game is not a sustainable strategy.

Best practices in cybersecurity lag behind, although people are aware of the risks
The National Cybersecurity Alliance and CybSafe have announced the release of a report that interviewed 2,000 people in the US and UK. The report looked at key cybersecurity trends, attitudes and behaviors ahead of Cyber ​​Security Awareness Month this month.

(ISC) ² goes to school: preparation and training for CISSP as part of a specialization
In this interview with Help Net Security, Renata Mekovec, Associate Professor and Head of the Specialized Postgraduate Study Management and Audit of Security of Information Systems at the Faculty of Organization and Informatics (University of Zagreb), talks about what the specialist study offers information security professionals. and the Faculty’s collaboration with (ISC) ² to ensure the preparation and training of the CISSP.

The digital key builds on past practices to create a more secure future
Too often we assume that the new technology replaces the old one, but the technology often builds on past generations, ideas and success, rather than completely abandoning it. Some people may not realize that past technologies are the basis of new technologies, as is the case with Bluetooth.

Finding the right mix: leveraging policies and incentives to improve cybersecurity in healthcare
When businesses are affected by a cyber attack, it can lead to business disruption, lost revenue, and customer dissatisfaction because their personal information is exposed. But for the health sector, the impact is much greater; cyber attacks can be a matter of life and death.

Infosec products of the month: September 2021
Here’s a look at the most interesting product releases for September, with releases from Attivo Networks, Absolute, Anomali, Alation, Citrix, Cloudflare, Cyware, Code42, Commvault, CoSoSys, Druva, DataDome, deepwatch, Elastic, Fugue, ForgeRock , Hornetsecurity, IPKeys Power Partners, IDrive, McAfee, Nutanix, Palo Alto Networks, Query.AI, Qualys, Red Sentry, Stairwell, ThreatConnect and Titania.

New infosec products of the week: October 8, 2021
Here’s a look at some of the more interesting product releases from the past week, with releases from Abnormal Security, Pradeo, Qualys, Semperis, and Swimlane.