This Week in Technology

This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On August 21, 2020

Monday 8/17

Online and offsite: the future of training and consultancy? (F5)

As offices gradually re-open across the world, the question arises of how many of our old working habits we will return to.

Forescout Sets a New Standard for Securing the Enterprise of Things

The new integrations allow organizations to reduce attack surface, maintain compliance and minimize breach impact across IT, IoT, healthcare and operational technology (OT) environments. Continuous monitoring of segmentation hygiene provides an instant understanding of new risks due to the expanded interconnectivity between traditional IT, cyber-physical and clinical technology domains.

Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities

The security issues allow Safari cookies to be read and dumped, and these packets of data are then used to inject JavaScript-based backdoors into displayed pages via a Universal Cross-site Scripting (UXSS) attack.

Tuesday 8/18

How Online Businesses Can Defeat Application Fraud in a Multi-Cloud World

Businesses need to hold their application security vendors accountable for security outcomes rather than merely the existing functionality that today’s bad actors continually engineer around. Join F5 Networks and Ingram Micro on August 26, at 1:00 PM to discuss what application owners and security teams face next in the world of fraud and cyber-crime. See the link below for registration details.

Bridging the Cybersecurity Skills Gap Through Artificial Intelligence (Fortinet)

As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks. Sometimes having to wait until an attack was actively targeting their devices and systems in order to repel them, or far too often, clean up the mess after a stealthy attack was able to break into their system and get out with the data it was looking for.

Citrix enables customer choice with support for VMware Cloud on AWS

Now, within a single management tool, Citrix Virtual Apps and Desktops service allows you to easily manage and provision Citrix workloads to extend your virtual apps and desktops in vSphere as needed, between either on-premises deployments or within VMware-based clouds, starting with VMware Cloud on AWS.

Wednesday 8/19

Making Azure Cloud Environments Even More Secure with CyberArk

The recent release of CyberArk Privileged Access Security Solution v11.5 added capabilities to automate the deployment of CyberArk Vault environments in Azure and support multi-cloud and multi-region configurations options with Azure.

AWS Cryptojacking Worm Spreads Through the Cloud

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.

Thursday 8/20

How Are You Addressing the NSA/CISA Immediate Recommended Actions?(Forescout)

Without appropriate due diligence, organizations often find that they can check all the boxes when it comes to visibility but are completely unprepared to deal with what they see, such as malware breaches or other nefarious activities. Clearly, asset visibility isn’t enough.

With everyone working from home, VPN security is now paramount

Besides enabling MFA to protect VPN accounts for employees working from home, CISA also recommended that companies review the patching levels of corporate VPN products.

Friday 8/21

Implementing the Zero Trust eXtended (ZTX) Framework with Meta Networks (Proofpoint)

If you ask the folks at Forrester Research, they’ll probably tell you that most organizations still have a long way to go on the road to implementing zero trust security. Partially, “because they're not sure of the concrete technology purchases and organizational changes needed to do so.”

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege (EoP) bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows.