Security News > 2020 > March

From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices. "The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure, and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I'd take an extra look to make sure it's not a trap."

As women take more senior positions in the field of cybersecurity, there's a shortage of women available to mentor others. That's according to the results of the SANS Institute's first survey on Women in Cybersecurity, here, which found while mentoring is a hugely important part of career progression, only seven per cent of those polled had been mentored by another woman.

Finding skilled cybersecurity professionals to fill organizations' increasing needs is becoming more difficult by the day due to the wide cybersecurity workforce skills gap. Steve Velasco, a senior cybersecurity recruiter at NinjaJobs, a community of information technology veterans devoted to helping companies find vetted, experienced cybersecurity professionals, says that while there certainly seems to be shortage in cyber talent, that shortage is usually tied to geography - and especially so when it comes to incident response, DevSecOps, threat intelligence and penetration testing.

Cybersecurity company Indusface that holds expertise in keeping applications over the internet secure has decided to step up and do our bit to the society. During this unprecedented time, Indusface has announced to support organizations affected by COVID-19 by offering professional cybersecurity protection to their online businesses at free of cost for at least a month.

Let's look at and debunk the top vulnerability management myths, so that enterprises may opt to change their practices in ways that make fortifying cyber defenses and reducing risks significantly easier. New vulnerability management solutions make scanning at scale significantly faster and easier without impacting network performance, so there is really no good reason why enterprises should put networks at risk unnecessarily.

In this podcast, Mike Nelson, Vice President of IoT Security at DigiCert, talks about the growing insecurity of IoT devices and what we should do about it. We read a lot about bad password practices, and hard-coded credentials, and hackers being able to gain access because they go in and they are able to discover the password and the user manuals of IoT - IoT instruction manuals.

As the number of smart devices in private households increase, so do the opportunities for cybercriminals to attack, according to TÜV Rheinland. Experts view these key cybersecurity trends as critical to understand in 2020.

The COVID-19 pandemic is just the latest in a line of recent risk events showing how organizations are not properly set up to manage risk, especially fast-moving ones. "Traditional approaches fail because they can't effectively deal with fast-moving and interconnected risks. Pandemic is a rapidly developing type of risk that needs a dynamic risk management set-up," said Malcolm Murray, vice president and fellow, research for the Gartner Audit and Risk practice.

So how do we explain the ever-increasing number of data breaches? According to Cloud Security Risks & How to Mitigate Them.Insufficient access management and account hijacking.