Cyber Weekly Digest - Week #33
Updated: Aug 21, 2020
This week's digest dives into some of the most notable stories of the week, including Microsoft's Patch Tuesday, the SANS Institute ironically becoming a victim of phishing, and new reports on the concerns IT professionals have about cloud security. Let's take a look at what happened.
1. Microsoft dropped another major Patch Tuesday update this week which addressed 120 new vulnerabilities, making it the sixth month in a row Microsoft has fixed more than 100 flaws. The most important of the vulnerabilities were two critical zero-days which are actively being exploited. The first is a spoofing vulnerability that exists in virtually every supported version of Windows and allows an attacker to bypass security features and load improperly signed files. The more concerning is a remote code execution weakness in Internet Explorer's scripting engine, which allows attackers to execute malicious code and lets an unauthorised user take control of other parts of the victim’s system.
2. The SANS Institute revealed this week that it had been the victim of a phishing attack in which almost 30,000 records of personally identifiable information were exposed. A single phishing email was identified as the vector of attack. 513 emails were forwarded to an unknown external account, including data belonging to individuals who were registered for one of its virtual summits. The SANS Institute added that it is looking into running an online session once it has investigated further, so that it can share information and increase awareness of phishing attacks. The attack shows how phishing can be a threat to any organisation.
3. Travelex’s administration shows the financial impact that cyber-attacks can have, with over 1000 jobs lost. PwC was appointed as administrator for Travelex, announcing that the ongoing pandemic and the impact of the cyber-attack it experienced in December last year have “acutely impacted the business”. Reports suggested that the criminals demanded a $4.6 million ransom in return for the deletion of stolen data and the decryption key.
4. CompTIA has announced a free 6-month training program to develop new cyber talent; it is accepting applicants from the North West and West Midlands. Although it encourages applicants with previous IT knowledge, it is designed to ensure those with other commitments and time limitations will not be disadvantaged. Cybrary, the world’s largest online cyber security development platform, also released an instalment of free online courses to support those considering cyber security careers. These free training programs and resources are great for encouraging more people to get into cyber security careers.
5. New reports and surveys this week have highlighted the concerns around cloud security. CheckPoint’s 2020 Cloud Security report showed that three-quarters of the industry professionals it interviewed were “very” or “extremely” concerned about cloud security. Tripwire’s survey also emphasised the concerns IT professionals have about cloud security, with 76% of the professionals interviewed claiming that they have difficulty maintaining security configurations in the cloud. Both surveys showed that there were strong concerns about human error and a lack of qualified staff.