Review of the week: annual income of CISOs, Atlassian Bitbucket Server and Data Center flaw


Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:

US-based CISOs receive nearly $1 million a year
The role of the Chief Information Security Officer (CISO) is a relatively new senior management position within most organizations, and it continues to evolve. To find out how current CISOs landed in this role, their aspirations, the compensation they receive, the risks they face and the responsibilities they take on, analysts from global executive search firm Heidrick & Struggles asked 327 CISOs (and CISOs in all but name) to participate in their 2022 Global CISO Survey.

NetworkManager 1.40 released, includes 600 fixes
NetworkManager attempts to keep an active network connection available at all times. NetworkManager’s goal is to make network configuration and installation as simple and automatic as possible, while allowing a high level of customization and manual control.

Fix a critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

Increase in IoT vulnerability disclosures, up 57%
According to a study by Claroty, vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months.

Google invites bug hunters to scrutinize its open source projects
Google wants to improve the security of its open source projects and the third-party dependencies of those projects by offering rewards for bugs found there.

Addressing Cyber Threats in the Energy Sector: Are We on the Right Track?
In this interview for Help Net Security, Katie Taitler, Senior Cybersecurity Strategist at Axonius, talks about cyber threats in the energy sector and what should be improved to ensure this sector is properly protected.

Attackers switch targets from large hospitals to specialist clinics
Critical Insight announced the release of the company’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the US Department of Health and Human Services by healthcare organizations.

Data security relies on clear policies and automated enforcement
Developments in emerging technologies, data privacy, cybersecurity and digital assets are proving beneficial to organizations. Yet, given the level of sensitive and confidential data owned and retained, companies need to know how to advance their policy priorities and stay abreast of debates that impact their business and markets.

An outdated infrastructure that is no match for today’s ransomware challenges
A global study commissioned by Cohesity reveals that nearly half of respondents say their business depends on outdated legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is over 20 years old and was designed long before today’s multicloud era and the onslaught of sophisticated cyberattacks plaguing the world.

Can your passwords withstand the dirty tricks of hackers?
Password security depends on the answer to this seemingly simple question. Unfortunately, you can’t know the answer until you hire a ruthless penetration tester to find out whether your environment can withstand the chilling password-cracking skills of today’s most infamous hackers.

The favorite targets of ransomware gangs
Barracuda released its fourth annual Threat Research Report which examines ransomware attack patterns that occurred between August 2021 and July 2022.

Organizational security: emphasizing the importance of data compliance
Protecting an organization’s digital infrastructure is certainly not an easy task. From cloud assets to online devices, clients and websites, to servers, the list goes on and on. In fact, there are so many systems to track that it is becoming more and more difficult for a company to list all possible security risks and threats that exist within its organization. Having this 360° view of all potential vulnerabilities that could compromise an organization’s digital security is essential.

1 in 3 organizations don’t know if their public cloud data has been exfiltrated
Laminar has released the results of its Security Professional Insight Survey 2022 conducted at AWS re:Inforce in July 2022 and Black Hat in August 2022. The research revealed gaps in organizations’ defenses that security teams will want to proactively close to reduce their risk of data exposure. A total of 415 security professionals participated, representing both leadership and line roles.

How Just-in-Time Privilege Escalation Prevents Data Breaches and Lateral Movement
By granting users unlimited access to resources, organizations increase the risk associated with internal and external threats. Least privilege based on Just-Enough and Just-in-Time (JIT) access greatly reduces this risk. Implementing these security models gives users, applications, tasks and commands the minimum level of access required, and only for as long as it is needed to complete the task.

Creating cyber career opportunities during the talent shortage
In this Help Net Security video, Mark Manglicmot, SVP of Security Services at Arctic Wolf, talks about creating career opportunities in cyberspace during the talent shortage.

Companies underestimate the number of SaaS applications in their environment
A new study focusing on SaaS usage in enterprises in the US, UK and Europe highlights a stark difference between consumption and security of SaaS applications. In fact, the majority of respondents (74%) said that more than half of their applications are now SaaS-based, and 70% of organizations in the UK said they spend more on SaaS applications today than one year ago.

The complexity of modern aircraft cybersecurity
In this Help Net Security video, Josh Lospinoso, CEO of Shift5, talks about modern airplanes and some of the cybersecurity issues that arise from modern technology within those airplanes.

How BEC Attacks on Human Capital Management Systems Are Growing
In this Help Net Security video, Jon Hencinski, VP of Security Operations at Expel, explains how his SOC team recently observed Business Email Compromise (BEC) attacks in multiple customer environments, with threat actors trying to gain access to human capital management systems. Their objective? Payroll and direct deposit fraud.

Should ransomware payments be banned? Some Considerations
In this Help Net Security video interview, Alex Iftimie, Partner at Morrison & Foerster (MoFo), discusses the possible repercussions of such legislation and, more generally, the evolving nature of ransomware attacks and current global efforts to fight ransomware threats.

7 metrics to measure the effectiveness of your security operations
In this Help Net Security video, Andrew Hollister, CSO at LogRhythm, talks about measuring the effectiveness of a security operations program.

Best Practices for Kubernetes Security in the Enterprise Market
In this Help Net Security video, Deepak Goel, CTO at D2iQ, talks about best practices for Kubernetes security in the enterprise market.

COVID-19 data put up for sale on the Dark Web
Resecurity, a California-based cybersecurity firm that protects the Fortune 500, has identified leaked PII stolen from Thailand’s Department of Medical Sciences containing information on citizens with symptoms of COVID-19. The incident was discovered and shared with Thai CERT.

Product Showcase: The Stellar Cyber Open XDR Platform
As enterprises face ever-increasing threats and organizational boundaries disappear, security teams are more challenged than ever to deliver consistent security outcomes across the environment. Stellar Cyber aims to help lean enterprise security teams meet this challenge day in and day out.

5 open source vulnerability assessment tools to try
A vulnerability assessment is a methodical examination of network infrastructure, computer systems and software with the goal of identifying and fixing known security vulnerabilities. Once vulnerabilities are identified, they are ranked according to how urgently they need to be fixed or mitigated. Usually, the vulnerability scanner also provides instructions on how to fix or mitigate the discovered flaws.

Infosec Products of the Month: August 2022
Here’s a look at some of the hottest products from the past month, with releases from: AuditBoard, Claroty, Concentric AI, Cymulate, Deepfence, Drata, Fortinet, Halo Security, NetRise, Ntrinsec, PlainID, Privitar, Qualys, Raytheon Technologies, ReasonLabs, Scrut Automation, SimSpace, Sony, Tenacity, Traceable AI, Transmit Security and VIPRE Security.