Monday 3/1
NSA Releases Guidance on Zero Trust Security Model
CISA encourages administrators and organizations review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.
http://bit.ly/3sxsOS0
Cloud Kickoff Guide: Starting your cloud journey on the right foot (Citrix)
We saw an opportunity to condense the basic, foundational information all our Citrix Cloud customers need into a single resource — almost like a pre-planning guide — to serve as an approachable complement to our many in-depth technical onboarding resources.
http://bit.ly/3dXWrIs
Tuesday 3/2
Pandemic Cyber Crime, By the Numbers (CyberArk)
As we approach the one-year mark, here’s a look back at some of the most eye-opening industry cybersecurity statistics from this period of unprecedented change.
http://bit.ly/30iqNNP
ObliqueRAT Trojan now lurks in images on compromised websites
Previously, Microsoft Office documents would be sent via phishing emails to a target that contained malicious macros leading to the direct deployment of ObliqueRAT. Now, however, these maldocs are directing victims to malicious websites instead -- likely in a bid to circumvent email security controls.
http://zd.net/3kDw63v
Wednesday 3/3
Mobile Authentication on IGEL Devices with Citrix Workspace
The combinations of authentication apps and thin clients are endless nowadays. With the many different types of technologies out there though, not every combination has been documented. At a recent customer engagement, there was a combination of products that isn’t very common, at least not yet, being implemented in an IGEL environment.
http://bit.ly/3q9jylM
Vulnerabilities, Threats, Exploits and Their Relationship to Risk (F5)
The tale of The Three Little Pigs can teach us more than you think about cybersecurity risk. F5 Labs explains here.
http://f5so.co/9F68C6
Palo Alto Networks Completes Acquisition of Bridgecrew
Palo Alto Networks will build on Bridgecrew's platform innovations with enhanced capabilities, including adding new frameworks, expanding the number of checks and increasing the depth of coverage.
http://prn.to/3e4nMsh
Thursday 3/4
Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
https://cyber.dhs.gov/ed/21-02/
COVID-19 website warning: rise in vaccine-related domain registrations means increased risk of scams (Check Point)
Check Point Research (CPR) confirms that the number of domains featuring the word “vaccine” in their title has significantly increased over the past 4 months, as the global vaccine rollout was being prepared and launched.
http://bit.ly/3qjAJRs
Protecting Against Evolving Ransomware Attack Trends (Fortinet)
Ransomware leverages social engineering attacks, preying on fears as a way to execute malicious code on devices. With this in mind, cyber hygiene must start as a board-level conversation.
http://bit.ly/3uWvScH
Friday 3/5
Microsoft: We're cracking down on Excel macro malware
Microsoft is expanding the integration of its AMSI with Office 365 to include the scanning of Excel 4.0 XLM macros at runtime, bringing AMSI in line with VBA.
http://zd.net/3sSYFNj
XDR: Making an Impact on the SOC (FireEye)
XDR promises to provide better technology integration between data sources and security operations to accelerate detection and response, all while reducing integration and security engineering headaches that plague SecOps teams today.
http://bit.ly/2O2Eei4