Cybersecurity Digest #19: 15/02/2021 – 26/02/2021

Cybersecurity News

Cybersecurity Blog Posts

  • Andrew Snyder told about top 2021 banking and fintech security regulations. He highlighted Payment Services Directive 2 (PSD2), California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLB) etc.
  • Galvinize experts explained how to choose between compliance and risk management and why choosing the right approach is so important. Here are some best practices from the experts: to implement a steering committee, to balance goals between aspirational and achievable, to focus on mission-critical systems and data assets, to evaluate GRC products to help streamline the process, to extrapolate the risk insights to other areas of security program and to promote the approach to clients and partners.
  • Shane Cooper shared 5 Things MSPs Should Know Before Adopting EDR. He claims that all security tools with an endpoint agent are basically EDR and that response is a key to a successful EDR solution. He also explains how to maintain with EDR information and what’s behind the EDR hype and how to plan out next steps for adopting EDR at MSP.
  • Check Point presented a new strategy which is addressing three key pillars to address cyberattacks and new attack surfaces: Harmony (highest levels of security for remote employees), CloudGuard (unified and automated approach to secure your cloud), Quantum (enterprise network security for perimeter and datacenter).

Research and analytics

  • Check Point researchers have published Global Threat Index for December 2020. It has revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of organizations globally, following a spam campaign which targeted over 100,000 users per day during the holiday season.
  • WhiteHat Security published AppSec Stats Flash Volume 2. Manufacturing continues to have the highest window of exposure with close to 70% of applications in the sector having at least one serious exploitable vulnerability open throughout the year. Additionally, key industries (Public Administration, Real Estate, Health Care, Education, Retail, Utilities) continue to suffer from high windows of exposure (>50%) throughout the year.
  • Recorded Future has announced Q4 2020 Malware Trends Report: year punctuated by ransomware and data breaches concludes with sophisticated SolarWindsa attack.
  • NIST security vulnerability trends in 2020, a research performed by Redscan, has revealed that more security vulnerabilities were disclosed in 2020 (18,103) than in any other year to date–at an average rate of 50 CVEs per day. 57% of vulnerabilities in 2020 were classified as being ‘critical’ or ‘high severity’ (10,342).
  • Cybersecurity experts introduced a new attack method that allows attackers to trick a POS payment terminal into thinking that a Mastercard contactless card is in fact a Visa card. It enables criminals to use a vic-tim’s Mastercard contactless card to pay for expensive goods without knowing the card’s PIN.

Major Cyber Incidents