Week in review: Phishers’ perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE – Help Net Security

Posted: March 31, 2021 at 3:20 am

Here's an overview of some of last week's most interesting news and articles:

Microsoft offers rewards for security bugs in Microsoft Teams
Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.

Tackling cross-site request forgery (CSRF) on company websites
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn't do that (they will usually offer a canned "hackers can steal your credentials if you do" explanation). Cross-Site Request Forgery (CSRF) is that reason.

Phishers' perfect targets: Employees getting back to the office
Phishers have been exploiting people's fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do so for as long as it affects our private and working lives.

Data breaches and network outages: A real and growing cost for the healthcare industry
One year into the COVID-19 pandemic, the Infoblox report reveals major challenges the healthcare industry faced as IT workers scrambled to secure protected health information (PHI) and the infrastructure against the pandemic's complex cybersecurity and networking challenges.

How to stay ahead of the rise of synthetic fraud
There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcement
While the DMARC enforcement rate increases, 3 billion messages per day are still spoofing the sender's identity, Valimail reveals. Email continues to be an effective way to communicate and its use has increased during a year of global pandemic, and hackers continue to use email as a primary attack vector, a reminder that email security is not going away.

(IN)SECURE Magazine issue 68 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 68 has been released. It's a free download, no registration required.

Hidden areas of security and the future of hybrid working
With the UK government's roadmap out of lockdown underway, it is predicted that employers will strive to keep the element of flexibility by moving to hybrid working models.

The financial impact of cybersecurity vulnerabilities on credit unions
Cybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report.

Cybercriminals capitalizing on our reliance on the cloud
90% of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials, according to research from Centrify.

5G network slicing vulnerability leaves enterprises exposed to cyberattacks
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network, leaving enterprise customers exposed to malicious cyberattack.

Remote workers admit to playing a significant part in increasing their company's cybersecurity risks
The COVID-19 generation of remote workers is admitting to playing a significant part in increasing the cybersecurity risks facing their companies. Opinium research shows 54% are regularly using their work device for personal purposes, including sharing work equipment with family members.

70% of organizations recognize the importance of secure coding practices
Research from Secure Code Warrior has revealed an attitudinal shift in the software development industry, with organizations bucking traditional practices for DevOps and Secure DevOps.

What businesses need to know to evaluate partner cyber resilience
Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating the access and controls of partners handling valuable customer data, and the imperative of assessing a third party's (hopefully multi-layered) approach to cyber resilience.

Why DDI technology is fundamental for multicloud success
DDI technology, which integrates Domain Name System, Dynamic Host Configuration Protocol and IP Address Management functions, can help provide the solution to meet complexity and security risks head on.

80% of security leaders would like more control over their API security
There are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals.

How to get affordable DV certificates for onion sites
The Tor Project, the nonprofit developers of the Tor network and Tor Browser, have announced two exciting developments for onion services: affordable DV certificates for v3 onion sites from HARICA, and new, easy onion site setup guides.

Using memory encryption in web applications to help reduce the risk of Spectre attacks
There's nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephan Röttger and Artur Janc earlier this month: in a nutshell, they showed how the Spectre vulnerability can be used to exfiltrate cross-origin data from any website.

Rapid increase in security tools causing alert fatigue and burnout
On average, enterprises maintain 19 different security tools, with only 22% of such tools serving as vital to primary security objectives, a ReliaQuest survey reveals.

Cybersecurity awareness is too often a part-time effort
SANS announced the release of a report which analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs.

Special pricing on CISSP and CCSP training bundle
Whether you're motivated by career advancement, higher pay or inspiring a safe and secure cyber world, the (ISC)² CISSP and CCSP certifications are professional game-changers. And now through April 30th, you can save 10% on Official (ISC)² CISSP or CCSP Online Self-Paced Training when bundled with your exam.

New infosec products of the week: March 26, 2021
A rundown of the most important infosec products released last week.
