Security News > 2020 > November

You've probably run into a major problem when trying to scrape Google search results. This article examines how to overcome Google web scraping issues without changing proxy servers.

In a password spraying attack, cybercriminals often take databases of breached passwords, a.k.a. pwned passwords, and try them against user accounts in your environment. Passwords exposed in other breaches are often ones that other users are using in totally different environments.

For some businesses, working with a technology solutions provider (TSP) creates a mindset that the problem is no longer theirs, and as a result, their role in preventing and mitigating cybersecurity risks becomes more passive. In particular, helping end users to focus on phishing and social engineering attacks, access and passwords, together with device and physical security, can close the loop between TSP and end users and keep cybercriminals at bay.

Microsoft Active Directory Certificate Services is an integrated, optional component of Windows Server designed to issue digital certificates. There are no free or open source Linux, UNIX or Mac tools available today that provide auto-enrollment or integrate with the Microsoft CA. The only "Free" option is to manually create and renew certificates from a Microsoft CA using complicated and error-prone commands.

CyberEdge conducted a web-based survey of 600 enterprise IT security professionals from seven countries and 19 industries in August 2020 in an effort to understand how the pandemic has affected IT security budgets, personnel, cyber risks, and priorities for acquiring new security technologies. A 114% increase in remote workers coupled with a 59% increase in BYOD policy adoption has wreaked havoc among enterprise IT security teams.

60% of organizations said they have accelerated zero trust implementation during the pandemic. The newly published report examines how enterprises are moving forward with zero trust networking initiatives, where they're being successful in doing so and how COVID-19 has affected the forward movement of those projects.

"NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse," Kamkar said in an analysis. NAT Slipstreaming works by taking advantage of TCP and IP packet segmentation to remotely adjust the packet boundaries and using it to create a TCP/UDP packet starting with a SIP method such as REGISTER or INVITE. SIP is a communications protocol used for initiating, maintaining, and terminating real-time multimedia sessions for voice, video, and messaging applications.

Virtual tasks and security concerns demand more IT time. The research found that 67 percent of respondents said they spend more time on virtual tasks like team web meetings, remotely accessing employee devices and customer web meetings.

In the wake of COVID-19, nearly 72 percent of U.S.-based businesses have been rethinking how they work, 58 percent of businesses feel remote working is enabling them to hire a more distributed workforce, and 8 out of 10 businesses are already retooling to provide improved customer and employee experiences that enable new ways of working, Avaya reveals. 57 percent of businesses reported some struggle with remote communication and fatigue.

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.