Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ransomware hit Louisiana’s state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack.

This is a follow-up/continuation to Part One of the series, where I recommend reading to help provide some background into why we should all consider reviewing our OPSEC (Operational Security), not just those with something to hide. Have you actually thought about how much you are tracked on a daily basis? Think about everything you post on social media, what you search, the apps that are generating metadata (with or without your consent), what your phone knows about you.

As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate to the cloud, different challenges and solutions need to be explored in order to ensure that your security operations can maintain visibility and control and prevent critical risks and vulnerabilities.

According to IBM, 98 percent of companies will be using multiple hybrid cloud environments by 2021. This trend isn’t surprising. There are many benefits to operating in the cloud such as improved productivity, an increase in elasticity and huge cost-savings, to name a few. However, we keep seeing a range of issues when it comes to cloud security.

One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel became harder between 2017 and 2019.

Yet another company has been found lacking when it comes to securing its consumers’ data. Utah-based InfoTrax Systems provides back-end services to multi-level marketing companies (MLMs) such as dōTERRA, ZanGo, and LifeVantage, providing website portals where individuals can register as a distributor, sign-up new distributors, and place orders for themselves and end consumers.

Researchers have detected a new ransomware family they’re calling “PureLocker” which attackers are using to target enterprises’ production servers. Intezer detected a sample of the ransomware masquerading as the Crypto++ C++ cryptography library. In their analysis of the sample, they noticed something unusual when they saw that alleged library contained functions related to music playback.

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch for an EOL operating system like it did in response to BlueKeep, what does it tell you?

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, when its output is tied back to the goals of the enterprise and when there is a reduction in the overall risk of the organization. Such vulnerability management technology can detect risk, but it requires a foundation of people and processes to ensure that the program is successful.

BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the Eternal Blue vulnerability to spread widely in 2017.