Security News > 2021 > May

Let's explore a few scenarios and how AI and biometrics can help uncover and fight fraud. Without an AI-powered fraud prevention platform and biometric authentication, this type of fraud could easily go unnoticed.

Add to this the dynamic nature of cloud computing and the amount of fast-paced change needed to execute the strategy, and it becomes very problematic for security teams to manage as the attack surface is in a state of constant flux. The approach lacks a continuous and comprehensive understanding of the attack surface, so can never adequately scale to meet the needs of a dynamic cloud environment.

Brough to you by cybersecurity researcher Kim Crawley and pentester and author Phillip L. Wylie, The Pentester Blueprint gives insights into the most common hurdles encountered by aspiring penetration testers, as well as tips on how to overcome them. The book starts by explaining what a pentester is, why they are beneficial to a company, and describes common pentesting methodologies.

The first of the updated Hot News notes deals with security updates for Chromium delivered with SAP Business Client - at version 90.0.4430.93, this Chromium update fixes 63 security holes. Of the high-severity security notes, two resolve three vulnerabilities in SAP Business One, all related to SAP's Chef Cookbooks, explained Onapsis, a firm that specializes in securing Oracle and SAP applications.

South Korea's Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation's energy infrastructure. Minister of Trade, Industry and Energy Moon Seung-wook convened a meeting yesterday, saying it was needed considering the ransomware attack on the Colonial Pipeline that shuttered one of the USA's main oil transport facilities.

The U.S. technology sector has now recorded employment growth in each of the past five months, according to analysis by CompTIA. Technology companies added 16,600 jobs in April, a combination of technical and non-technical positions, the report data reveals. For the year IT occupation employment has increased by 72,000 positions.

Traditional employee risk mitigation efforts such as security awareness training and phishing simulations have a limited impact on improving employees' real-world cybersecurity practices, according to Elevate Security and Cyentia Institute. The report examined malware, phishing, email security and other real world attack data and found that while security training results in slightly lower phishing simulation click rates among users, it has no significant effect at the organizational level or in real-world attacks.

Look into the Certified Information Systems Security Professional official training course and walk away with a grasp of the topics covered in the CISSP Common Body of Knowledge. Hosted by an² Authorized Instructor, the CISSP Webcast Series is comprised of eight 20-minute webcasts covering each of the certification's domains.

Exabeam announced Exabeam Fusion XDR and Exabeam Fusion SIEM, two new powerful cloud-delivered security products that efficiently solve threat detection, investigation and response without disrupting an organization's existing technology stack. Exabeam Fusion products integrate behavioural analytics and automation capabilities to deliver outcomes-based approach to security operations.

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Another vulnerability of note is a remote code execution flaw in Hyper-V, which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.