CYBER THIS WEEK – OCTOBER 16, 2022
Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity
At the end of the day, zero trust is a philosophy. To buy in completely, nothing can be taken for granted. Even organizations with more mature zero-trust implementations must continually verify their adherence with constant, pervasive network visibility.
Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity (darkreading.com)
Will Security Teams Lose Relevance in the Age of Decentralized IT?
Times have changed, and security teams have to insert themselves into the conversations and procurement rather than waiting to be consulted.
Will Security Teams Lose Relevance in the Age of Decentralized IT? – Security Boulevard
‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge
Addressing a decades-old deficiency in coding curriculums could have a profound effect on the security of the software supply chain. David A Wheeler, director of open source supply chain security at the Linux Foundation, draws a link between a failure to incorporate security into entry-level developer courses and the vast majority of vulnerabilities belonging to a small number of common bug classes.
Understanding DDoS Attacks on US Airport Websites and Escalating Critical Infrastructure Cyberattacks
Pro-Russian hacker collective Killnet disrupted the websites of several US airports via DDoS attacks, and critical infrastructure will likely continue to face escalating cyber threats.
DDoS Attacks on US Airport Websites and Escalating Cyberattacks (informationweek.com)
Implementing Cyber Security Protocols: Do not be your Company’s Weakest Security Link
The weakest link in your company could be you. The awareness provided here should help you further research ways to be a better cybersecurity advocate.
Implementing Cyber Security Protocols: Do Not be your Company’s Weakest Security Link – TechBullion
Do cyber security experts practise what they preach?
Doctors make terrible patients apparently, but what about cyber security experts? Across academia and industry, cyber security experts are advising companies and researching the best way to protect data, information and the economy. But how do these experts protect the information in their own lives?
Do cyber security experts practise what they preach? (rte.ie)
How web data is leading US cybersecurity to unreached possibilities
Security teams use web data to achieve real-time visibility over the public domain, where digital fraud and risks mainly occur, and test their networks against vulnerabilities that may appear online.
How web data is leading US cybersecurity to unreached possibilities (hackread.com)
PoC Exploit Released for Critical Fortinet Auth Bypass Bug under Active Attacks
Proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches.
PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks (thehackernews.com)
Study Shows Attackers Designing Email Phishing Attacks To Bypass Microsoft Email Defenses, and They Are Winning
Considering Microsoft 365 as a crucial initial entry point for many organizations, attackers design and test each phishing attack to ensure it bypasses Microsoft’s default security defenses.
Application Security: Crucial Steps to a Stronger Security Posture
Application security isn’t a one-size-fits-all proposition due to the ubiquity, fluidity and unique attack surfaces posed by applications. As a result, cybersecurity specialists typically employ a multilevel, phased life cycle approach to application security, building up defenses from development through deployment and into the cloud.
Application Security: Crucial Steps To A Stronger Security Posture (forbes.com)