New York Tech Media
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital
No Result
View All Result
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital
No Result
View All Result
New York Tech Media
No Result
View All Result
Home Cybersecurity

Week in review: Intel chip flaw, shedding light on hidden root CAs, Emotet stages a comeback

New York Tech Editorial Team by New York Tech Editorial Team
November 21, 2021
in Cybersecurity
0
Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks
Share on FacebookShare on Twitter

week in review

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits.

Intel chip flaw could enable attacks on laptops, cars, medical devices (CVE-2021-0146)
Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw (CVE-2021-0146) enables testing or debugging modes on multiple Intel processor lines, which could allow an unauthorized user with physical access to obtain enhanced privileges on the system.

Emotet stages a comeback via Trickbot and spam
According to the researchers, whoever is trying to bring the Emotet botnet back online has started by using the Trickbot botnet to drop the malware, and then added the tried and tested method of sending spam with attachments and links to it.

GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry.

How to achieve permanent server hardening through automation
Information security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber intrusions. The reason for this should be obvious to anyone: What’s the point of implementing more advanced security measures and protections if you don’t first bolt all the unnecessary “doors” through which attackers can enter your systems and networks?

The future of digital infrastructure: Top 10 predictions
IDC’s top 10 predictions for the future of digital infrastructure point to a digital infrastructure strategy that addresses resiliency and trust; data-driven operational complexity; and business outcomes-driven sourcing and autonomous operations.

How do I select a policy automation solution for my business?
To select a suitable policy automation solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Top risks auditors should cover in their 2022 audit plans
Ransomware and the long-term effects of COVID-19 on markets and organizations are key items to cover in 2022 audit plans, according to a Gartner report. The report also identified evolving societal expectations for enterprises, such as environmental, social and governance (ESG) risks, and operational resilience as top risk areas for 2022.

Cloud compliance: Falling out of it could spell doom
In this Help Net Security interview, Bill Tolson, VP of Global Compliance and eDiscovery at Archive360, talks about the importance of cloud compliance and what companies can do meet the requirements when shifting to the cloud.

Healthcare organizations at risk: The attack surface is expanding
Armis released data showing the increased security risk faced by healthcare organizations and patients as an increase in connected devices creates an expanded attack surface, putting the patient journey at risk.

The latest trends in online cybersecurity learning and training
In this interview with Help Net Security, Mike Hendrickson, VP of Technology & Developer Solutions at educational technology company Skillsoft, talks about the trends in online cybersecurity learning and training that have emerged in the last few years.

Digital life after death: Do you have a password-sharing plan in place?
COVID-19 triggered many American Millennials to finally begin estate planning, according to new research, which found 72% of those respondents with wills created or updated them in the past year. Moreover, 34% of Millennials broached the subject of a digital handover with their parents in the past year.

How to improve your SaaS security posture and reduce risk
In this Help Net Security interview, Maor Bin, CEO at Adaptive Shield, talks about the SaaS security space and how Adaptive Shield help security teams gain control over their SaaS security landscape.

10,000+ websites and apps are vulnerable to Magecart
Some of the world’s largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments are failing to prevent Magecart attacks, Cyberpion research revealed.

How to handle third-party security risk management
In this Help Net Security interview, Demi Ben-Ari, CTO at Panorays, talks about third-party security risk management and the repercussions of a third-party breach. He also discusses the Panorays platform that automates, accelerates and scales customers’ third-party security evaluation and management process.

Cultural divide between IT and OT teams leaves 65% of organizations unable to secure both environments
Only 21% of organizations have achieved full maturity of their ICS/OT cybersecurity program, in which emerging threats drive priority actions and C-level executives and the board are regularly informed about the state of their OT security, a Ponemon Institute report reveals.

When it comes to securing systems against quantum computers, there is no one-size-fits-all solution
Quantum computers will rapidly solve complex mathematical problems. This includes the ability to break both RSA and ECC encryption in seconds. In response, NIST has been leading an effort to define new cryptographic algorithms that will withstand attacks from quantum computers.

Zoom patches vulnerabilities in its range of conferencing apps
Zoom has patched vulnerabilities in its range of local solutions for conferences, negotiations and recordings – Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector and others.

When cybersecurity becomes terrifying
Some cybersecurity horror stories are not your typical horror stories: there’s no danger from a chainsaw-wielding maniac hiding behind a server rack, the Candyman won’t appear if you say his name three times while staring at your 4K monitor, and it’s not like a vampire or werewolf can bite into a firewall.

Operational technology and zero trust
The recent push to adopt zero trust across industries is focused mainly on information technology (IT) and remote workforces, rather than the entire organization, including any operational technology (OT) in use. This leaves a significant portion of the organization unprotected and at risk.

We need a Cyber Awareness Century
For a generation of people that panic if they leave home without their phone or in the event of a social media outage, we are still very unequipped to handle the internet’s possibilities securely.

Combating cybercrime: Lessons from a CIO and Marine veteran
Combating cybercrime is exponentially more difficult than combating traditional criminal activities, as technologies and techniques make it very easy for cybercriminals to hide their true identities, locations, and allegiances. It’s a sobering situation, one that has resulted in extensive intellectual property theft, enormous financial losses, and the disruption of supply chains that deliver essential goods.

Illuminating the path: Compliance as the key to security-by-design
Like taxes or going to the dentist, compliance is one of those topics that people often don’t like to contemplate. There are many reasons for the distaste but this “anything-but-compliance” mindset can lead to problems.

The six most common threats against the device that knows you best
What is the most intimate relationship in your life—aside from your partner, your children or your parents? For many of us, it’s our mobile phone. It’s the last thing we see before sleep, and it’s usually the first thing in our hands each morning.

Bots are lurking in your zombie and shadow APIs
By far this year’s biggest trend that we’ve observed in the land of APIs is that every organization has shadow and zombie APIs and they’re a much bigger issue than most people want to believe. Maybe they’re taking the “If I’ve never seen it, then it doesn’t exist” approach to API security.

Lack of API visibility undermines basic principle of security
One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack surface and valuable resources.

eBook: Biometric Authentication For Dummies
Online biometric authentication enables governments, banks and other enterprises to securely verify user identity. In Biometric Authentication For Dummies, iProov explains everything you need to know about how it works and why it offers the highest levels of security, usability and privacy.

Report: The ROI of Modern Pentesting 2021
Does your pentesting program bring enough value? Find out in this exclusive in-depth report comparing Pentest as a Service (PtaaS) vs. traditional consulting engagements and check out our ROI calculator to learn how PtaaS can double your pentesting impact.

New infosec products of the week: November 19, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from 1Password, Fortanix, Jetico, Palo Alto Networks, Saviynt, StorONE, Viavi Solutions and WatchGuard.

Credit: Source link

Previous Post

Jennifer Lopez’s Dad Founded His Own Startup in Silicon Valley After He Closed Her Pasadena Restaurant

Next Post

Israeli Startups & Tel Aviv Noir w/ Author & VC Investor Michael Fertik | Israel Unfiltered

New York Tech Editorial Team

New York Tech Editorial Team

New York Tech Media is a leading news publication that aims to provide the latest tech news, fintech, AI & robotics, cybersecurity, startups & leaders, venture capital, and much more!

Next Post
Israeli Startups & Tel Aviv Noir w/ Author & VC Investor Michael Fertik | Israel Unfiltered

Israeli Startups & Tel Aviv Noir w/ Author & VC Investor Michael Fertik | Israel Unfiltered

  • Trending
  • Comments
  • Latest
Meet the Top 10 K-Pop Artists Taking Over 2024

Meet the Top 10 K-Pop Artists Taking Over 2024

March 17, 2024
Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

Many businesses lack a formal ransomware plan

March 29, 2022
Zach Mulcahey, 25 | Cover Story | Style Weekly

Zach Mulcahey, 25 | Cover Story | Style Weekly

March 29, 2022
How To Pitch The Investor: Ronen Menipaz, Founder of M51

How To Pitch The Investor: Ronen Menipaz, Founder of M51

March 29, 2022
Japanese Space Industry Startup “Synspective” Raises US $100 Million in Funding

Japanese Space Industry Startup “Synspective” Raises US $100 Million in Funding

March 29, 2022
UK VC fund performance up on last year

VC-backed Aerium develops antibody treatment for Covid-19

March 29, 2022
Startups On Demand: renovai is the Netflix of Online Shopping

Startups On Demand: renovai is the Netflix of Online Shopping

2
Robot Company Offers $200K for Right to Use One Applicant’s Face and Voice ‘Forever’

Robot Company Offers $200K for Right to Use One Applicant’s Face and Voice ‘Forever’

1
Menashe Shani Accessibility High Tech on the low

Revolutionizing Accessibility: The Story of Purple Lens

1

Netgear announces a $1,500 Wi-Fi 6E mesh router

0
These apps let you customize Windows 11 to bring the taskbar back to life

These apps let you customize Windows 11 to bring the taskbar back to life

0
This bipedal robot uses propeller arms to slackline and skateboard

This bipedal robot uses propeller arms to slackline and skateboard

0
Coffee Nova’s $COFFEE Token

Coffee Nova’s $COFFEE Token

May 29, 2025
Money TLV website

BridgerPay to Spotlight Cross-Border Payments Innovation at Money TLV 2025

May 27, 2025
The Future of Software Development: Why Low-Code Is Here to Stay

Building Brand Loyalty Starts With Your Team

May 23, 2025
Tork Media Expands Digital Reach with Acquisition of NewsBlaze and Buzzworthy

Creative Swag Ideas for Hackathons & Launch Parties

May 23, 2025
Tork Media Expands Digital Reach with Acquisition of NewsBlaze and Buzzworthy

Strengthening Cloud Security With Automation

May 22, 2025
How Local IT Services in Anderson Can Boost Your Business Efficiency

Why VPNs Are a Must for Entrepreneurs in Asia

May 22, 2025

Recommended

Coffee Nova’s $COFFEE Token

Coffee Nova’s $COFFEE Token

May 29, 2025
Money TLV website

BridgerPay to Spotlight Cross-Border Payments Innovation at Money TLV 2025

May 27, 2025
The Future of Software Development: Why Low-Code Is Here to Stay

Building Brand Loyalty Starts With Your Team

May 23, 2025
Tork Media Expands Digital Reach with Acquisition of NewsBlaze and Buzzworthy

Creative Swag Ideas for Hackathons & Launch Parties

May 23, 2025

Categories

  • AI & Robotics
  • Benzinga
  • Cybersecurity
  • FinTech
  • New York Tech
  • News
  • Startups & Leaders
  • Venture Capital

Tags

3D bio-printing acoustic AI Allseated B2B marketing Business carbon footprint climate change coding Collaborations Companies To Watch consumer tech crypto cryptocurrency deforestation drones earphones Entrepreneur Fetcherr Finance Fintech food security Investing Investors investorsummit israelitech Leaders LinkedIn Leaders Metaverse news OurCrowd PR Real Estate reforestation software start- up Startups Startups On Demand startuptech Tech Tech leaders technology UAVs Unlimited Robotics VC
  • Contact Us
  • Privacy Policy
  • Terms and conditions

© 2024 All Rights Reserved - New York Tech Media

No Result
View All Result
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital

© 2024 All Rights Reserved - New York Tech Media