Week in review: Microsoft Teams risks, open-source dependencies, DNS’s role in network security

ByClemence Norma

Here’s a rundown of some of the most interesting news and articles from the past week:

Data exchange in a smart city: choosing the right approach
To achieve a true Smart City and improve the quality of life for citizens, this should be a city-wide effort. This includes the sharing of data for collaboration and coordination between previously separated individuals and organizations, including public and private entities.

How do I choose a unified endpoint management solution for my company?
To choose the right UEM solution for your business, you need to consider several factors. We spoke to several industry experts to get their insights into the subject.

The 6 steps to implementing Zero Trust
Here is a simple, repeatable six step process that can help organizations adopt a zero trust security model.

The role of DNS in network security
New EfficientIP and IDC research shed light on the frequency of different types of DNS attacks and the costs associated with them for the past year during the COVID-19 pandemic.

New Google tool reveals dependencies for open source projects
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages / libraries they are using and known security vulnerabilities they currently have.

Beware of “ransomware system update” emails!
Emails related to the Colonial Pipeline ransomware attack that appear to have been sent by the company’s IT help desk have reached employees’ inboxes asking them to download and run a “ransomware system update” .

Companies that use Microsoft Teams are exposed to potential risks
75% of organizations have deployed Microsoft Teams without adequate governance or security, leaving them vulnerable to internal and external threats.

Defending COVID-19 Vaccine Adoption Using Cyber ​​Security Industry Best Practices
Around the world, COVID-19 vaccines have created a complex web of converging social, economic and cultural forces, resulting in a variety of threats to be addressed. In this two-part series, we examine the different types of security threats our global vaccination efforts face and what our government and the private sector can do to protect them, starting with cybersecurity.

What happens to email accounts if their credentials are compromised?
Agari researchers entered unique credentials from fake individuals into phishing sites posing as widespread corporate applications and waited to see what the phishers would do next with the compromised accounts.

The future of FISA
Recent events such as the recent ransomware attack on the Colonial Pipeline and the continuing and increasing threats from cyber and other foreign terrorism have made it clear that FISA is more important than ever.

Digital criminals are turning to vaccines to take advantage of COVID-19
Cyber ​​criminals continue to capitalize on the hysteria and worry caused by COVID-19, both in the physical and digital ecosystems, and capitalize on the significant global unmet demand for vaccines.

Mitigation of third party risks through effective cyber risk management
Because systems are so interconnected and third parties often have sensitive information or access to a partner’s systems, they can also be the weak link in the cybersecurity chain.

June 2021 Patch Tuesday: Microsoft fixes six actively used zero days
Microsoft has fixed 50 security vulnerabilities, six of which are zero-days actively being exploited.

Most mobile finance applications are prone to data breaches
77% of finance apps have at least one major vulnerability that could lead to a data breach.

54% of all employees reuse passwords across multiple work accounts
Yubico released the results of a study of current attitudes and adaptability regarding home business cybersecurity, employee training and support in the current global hybrid work era.

Unauthorized access accounts for 43% of all security breaches worldwide
Username and password violations have increased by 450% worldwide, according to a ForgeRock report. Researchers also found that unauthorized access was the leading cause of security breaches for the third year in a row.

Improving Cyber ​​Resilience: What Your Team Needs To Know
After a malicious attack, we often see everyone focused on finding who is responsible, as opposed to how or why the attack took place and the main lessons we can learn from it. That mindset is wrong and here is why.

In order for CISOs and artificial intelligence to evolve, trust is a must
Artificial intelligence (AI) is no longer the future – it’s already being used in our homes, cars, and often in our pockets as well. As technology continues to expand its role in our lives, an important question has arisen: What trust can and should we place in AI systems?

Reformulation of the cyber skills gap
There is a growing appetite for reform in cybersecurity education, especially in universities.

The evolution of cybersecurity within the network architecture
A decade ago, security officers could have seen the effects of an attack almost immediately, since most of it occurred in the top layers of a system, typically through a malware attack. Now, however, threat actors operate with a much broader, longer-term horizon over a longer period of time.

Keeping pace with evolving basic code signing requirements
Although software signing processes and not a code signing certificate caused the SolarWinds incident, its impact helped motivate the industry to strengthen code signing certificates with larger keys in order to create signatures that will remain secure in the future.

Biden’s plan to strengthen US cybersecurity is too soft
Biden’s plan is a good first step, but it lacks one critical component: secure hardware.

Quantum computing is imminent and businesses now need crypto-agility
While quantum computing will lead to advances we cannot yet predict, it will undoubtedly also pose challenges for businesses and their ability to secure information and communication.

How can organizations prioritize contact center security?
One of the biggest mistakes a company can make is not using the same security controls or settings on their contact center or CCaaS as they do on other applications.

New infosec products of the week: June 11, 2021
An overview of the infosec products released last week.