Following the news that the FIDO Alliance has created a new onboarding standard to secure IoT devices, the Industry leader commented below.
ISBuzz Team
A new study has found that 43.13% of workers will stay remote after the pandemic ends and two out of three IT professionals are concerned with teleworking endpoint misuse. The report examines the remote work challenges generated by the pandemic year and the number of people working from home far from corporate environments, on insecure networks, in many cases sharing with other unsafe devices in their homes.
CISA (The Cybersecurity and Infrastructure Security Agency) issued another Pulse Secure alert today regarding SUPERNOVA, an advanced persistent threat (APT) actor’s long-term compromise of an entity’s enterprise network. The threat actor connected to the entity’s network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.
BACKGROUND: Researchers found that nearly half of all malware is being hidden within TLS-encrypted traffic in order to evade detection from security tools.
It has recently been reported that the Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was part of the non-profit’s Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.
CISA’s alert – Exploitation of Pulse Connect Secure Vulnerabilities – confirms that attackers breached US government agencies and other critical organizations by exploiting vulnerabilities in Pulse Secure products. “Since March 31, 2021, CISA assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor.” The CISO of Shared Assessments, the member-driven leaders in third-party risk management tools and research, offers perspective.
News broke recently that the Bank of England is setting up a task force to assess the possibility of a central bank digital currency.
Following news today that Apple was targeted in a ransomware attack carried out by REvil – with a key Apple supplier in Taiwan being sent threats around stolen blueprints of new iPads and iMacs – please find below commentary from security expert.
It has been reported that a misconfiguration error has exposed personal data belonging to customers of New England’s largest energy provider. On March 16, Eversource discovered that one of its cloud data storage folders had erroneously been set to open access rather than to restricted access. The company serves more than 3.6 million electric and natural gas customers in Connecticut, Massachusetts, and New Hampshire. An investigation into the data breach launched by Eversource’s security team found that the unsecured folder contained personal data belonging to customers residing in eastern Massachusetts.
Spending on network and endpoints security will be the big winners from cloud expansion, BI says Spending on cybersecurity is set to exceed $200 billion a year by 2024 as the market switches to cloud-based security with the network and endpoint security sectors likely to see the fastest growth, a new report from Bloomberg Intelligence (BI) says. Increased remote working is partly responsible for the expansion of the market, which was worth around $132 billion last year, but cloud-based software was already expanding in security before the COVID-19 pandemic as it replaced older systems. Cloud software is already established in…