Security News > 2021 > August

Action1 Corporation, provider of a cloud-based remote monitoring and management solution, announced its Q2 2021 results. Action1 achieved a number of significant milestones during the quarter, including a major update of its RMM platform and being listed in both the "30 Fastest Growing Tech Companies 2021" by the Silicon Review and "30 Admired Companies to Watch 2021" by CIO Bulletin.

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

Marketing activities, sales enablement tools, events, and so on should create the perfect environment that allows sales teams to fill their sales funnel. How can sales leaders gamify cybersecurity to engage prospects and ensure that business discussions are taken to their logical conclusion and reach a mutually valuable outcome?

While this digital shift is widely talked about, one of the often-overlooked repercussions of such rapid transformation is the need for a new approach to asset visibility. This lack of visibility is a major security risk and must be addressed by a renewed approach to asset management.

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.

The 2021 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years. These weaknesses are risky because they are many times easy to find, exploit, and can allow adversaries to take over a system, steal data, or prevent an application from working.

This second part to ISACA's annual State of Cybersecurity 2021 survey report examines cyber threat landscape trends, including frequency and type of attacks, confidence in cybersecurity teams and cybersecurity awareness initiatives, nuances related to security operations and reporting structure, and cybermaturity as a business imperative. "With the increase in the number and rate of cyberattacks worldwide, cybersecurity professionals are facing a challenging 2021 threat landscape that requires constant vigilance," says David Samuelson, CEO, ISACA. "These survey findings illustrate just how essential it continues to be for the global cybersecurity community to actively keep up to date with best practices and training, and ensure their teams are well staffed to detect and respond to attacks."

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services servers to infiltrate their networks. "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said.

A new survey of enterprise IT security leaders showed almost 80 percent believe remote workers are at more risk for phishing attacks now because they're isolated from their organizations' security teams. Despite the significant threat increase, more than 59 percent of respondents felt solutions such as video training, email reminders, and VPNs, were sufficient solutions by themselves to keep organizations safe from what those surveyed said were the biggest security breach fears: damage to brand and reputation, and legal jeopardy.