5 cybersecurity preparedness tips from two attorneys
2021-01-22 12:00

Cybersecurity bad actors are taking advantage of the COVID-19 pandemic and attacking businesses. Follow these best practices for protecting your organization before a security attack.

These Microsoft tools help you reduce, remove or lock down admin access to improve security
2021-01-22 11:08

Just because an admin needs access to one system setting, database or network doesn't mean they need access to all of them; applying role-based security permissions to your IT team makes as much sense as not giving receptionists access to the build tree for your internal applications. While having privileged admin access is convenient, if there's a data leak, a database admin would much rather be able to say that the contents of the database are encrypted so they can't have seen anything than to try and prove they didn't copy data they didn't need to have access to in the first place.

Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren't keeping up
2021-01-22 10:26

Professionals union Prospect warned that the UK was at risk of 'sleepwalking into a world of surveillance' as more businesses turn to digital tools to keep tabs on remote workers. With employers no longer able to oversee work directly, some have turned to software as a means of keeping tabs on what their employees are up to.

Cloud Controls Matrix v4 adds 60+ new cloud security controls
2021-01-22 07:09

The Cloud Security Alliance announced the availability of version 4 of the Cloud Controls Matrix, CSA's cybersecurity framework for cloud computing. The CCM v4 includes additional cloud security and privacy-related controls and encompasses coverage of requirements deriving from new cloud technologies, improved control auditability, enhanced interoperability and compatibility with other standards, and expanded support offerings to navigate the cloud shared responsibility model.

It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now
2021-01-22 07:04

Cisco SD-WAN Buffer Overflow Vulnerabilities: Systems running the Cisco SD-WAN software - such as SD-WAN vEdge Routers - can be exploited "by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed." A successful attack can result in the execution of arbitrary code on the underlying operating system with root privileges, which means you basically hand over the gear to a stranger. Cisco SD-WAN Command Injection Vulnerabilities: These can be exploited by authenticated users to gain root-level privileges on a system running the vulnerable software.

Bolstering healthcare IT against growing security threats
2021-01-22 06:00

The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency has recently released an alert highlighting imminent cybercrime threats to U.S. hospitals and healthcare providers.

Retail and hospitality sector fixing software flaws at a faster rate than others
2021-01-22 05:30

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. Retail and hospitality also track a high volume of personal information about consumers through loyalty cards and membership accounts, tying into marketing data from third parties, which is enabled by more software.

New Windows 10 update leaks info on upcoming 21H1 feature update
2021-01-22 05:05

A Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature update will be 21H1. When Microsoft releases new feature updates, it typically alternates between releasing them as a full-featured update or a small enablement package, which simply turns on dormant features already built into Windows 10. As the last feature update was Windows 10 20H2 and was distributed as an enablement package, the thought was that Windows 10 21H1 would be released as a full feature update.

Organizations struggle to maintain application security across platforms
2021-01-22 05:00

Global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of APIs, Radware reveals.

Financial institutions must prepare for increased risk of financial crime
2021-01-22 04:30

LexisNexis Risk Solutions published survey results of U.S. and Canadian compliance professionals on the range of challenges that financial institutions have experienced during the COVID-19 pandemic. The survey outlines the issues that many financial institutions encounter today and finds that the pandemic continues to test the resilience and agility of businesses across every market.