Science & Technology

Review Week: Exchange Server Under Attack, Disinformation Economics, Tuesday Patch Prediction

Here’s a summary of the most interesting news and articles from last week:

How do I choose a cloud security solution for my business?
There are many factors to consider when choosing the right cloud security solution for your business. We talked to several industry experts to gain insights on this topic.

A serious flaw in the Rockwell PLC allows an attacker to tamper with them (CVE-2021-22681).
A critical and vulnerable vulnerability (CVE-2021-22681) allows an attacker to remotely connect to Rockwell Automation’s programmable logic controller (PLC) to install new (malicious) firmware or configure the device. May change. Due to these factors, the vulnerability received a maximum CVSS v3 severity score of –10.0.

Has Exchange Server targeted a zero-day exploit been attacked?
Microsoft has released an out-of-band security update for seven bugs affecting Microsoft Exchange Server. Four of them are zero-day vulnerabilities exploited by wild attackers to plunder on-premises machines.

Economics and Strategies for Mitigation Behind the Global Disinformation Engine
Online propaganda is a rapidly expanding problem, with turmoil, distrust and revolution. According to the new IDC Covernment Insights report, widespread promotion penetration is achieved by following a specific set of steps.

Security starts with architecture
Developers typically identify problems and look for the simplest and fastest solution possible. Here is the formula for each patch we want to migrate.

March 2021 Patch Tuesday Forecast: Towards Early Start
Microsoft started early with a patch on Tuesday and released a series of out-of-band security updates for bugs that were actively exploited on Exchange Server.

Multi-payload Gootloader platform delivers malware and ransomware to stealth
The Gootloader infection chain begins with advanced social engineering techniques that include hacked websites, malicious downloads, and manipulated search engine optimization (SEO). When someone enters a question into a search engine such as Google, the hacked website will appear in the top results.

Protect your digital workplace with an integrated security strategy
COVID-19 has driven the IT world into the future. Organizations considering long-term digital transformation plans were suddenly forced to accelerate their timelines, allowing employees to work remotely within shelter-in-place orders. Is it possible to protect this new digital world when IT security teams are still struggling to protect the old ones?

A vulnerability in the Linux kernel has been fixed to allow local privilege escalation (CVE-2021-26708).
Security researcher Alexander Popov discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel.

Preparing for an onslaught of cybersecurity maturity model certification
For the Department of Defense (DIB), the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) compliance requirements are a hot news topic for 2021. In fact, CMMC compliance is probably at least 2025 across the DIB market.

Sneaker bot surge across the industry: DIY bot operator long tail
Stopping unwanted bots is becoming an increasingly difficult task. As a result, it is a hot topic in many aspects of the industry and online business.

Risky Business: Three Timeless Approaches to Mitigate Security Risks in 2021
The COVID-19 pandemic has left employees home, creating security risks ranging from increased phishing and spear phishing attacks to the use of third-party DNS-over-HTTPS resolvers and increased reliance on advanced features. It is increasing overall. A nation-state attack that attacks SolarWinds.

Most IT security leaders are not confident in their security regime.
78% of senior IT and IT security leaders say organizations have adequate protection against cyberattacks, despite increased investment in IT security in 2020 to address the challenges of decentralized IT and telecommuting. I think it’s missing.

Data is the most risky in email, with 83% of organizations experiencing email data breaches
Ninety-five percent of IT leaders say their client and enterprise data is compromised by email. In addition, the overwhelming 83% of organizations have suffered data breaches through this channel in the last 12 months.

10 Strategies That Small Security Teams Can Use for Effective Cybersecurity Management
These IT professionals need to be more creative and practical than the professionals of large enterprises, as the challenges of small security teams are certainly different than those of large teams.

Cybercriminals continue to target trusted cloud apps
Today, the vast majority of all malware is delivered via cloud applications, emphasizing how attackers can exploit popular cloud services to circumvent legacy security defenses that increasingly endanger corporate data. I am.

Alexa skills: security gaps and data protection issues
The voice command “Alexa Skills” allows users to load a number of additional features into the Amazon Voice Assistant. Amazon screens out special voice assistant features for security. However, fraudsters can bypass this check.

Review Week: Exchange Server Under Attack, Disinformation Economics, Tuesday Patch Prediction

https://www.helpnetsecurity.com/2021/03/07/week-in-review-exchange-servers-under-attack-disinformation-economics-patch-tuesday-forecast/ Review Week: Exchange Server Under Attack, Disinformation Economics, Tuesday Patch Prediction

Back to top button