All about Virtualization and Cloud Security | Recent Articles:

• 60 percent of users employ one or more passwords across multiple accounts
• Cyber criminals exploit user negligence to steal credentials and attempt logins across various sites
• The increasing prevalence of credential stuffing attacks correlates with an increase in leaked credentials available on the dark web
• Many reports received by the FBI indicate the use of botnet credential stuffing

• 36% of respondents say they don’t need privileged access to do their jobs but have it anyway
• 85% of IT pros say the risk is either unchanged or increasing in the next 12 to 24 months
• 60% of respondents working in government find it difficult to detect insider threats because behavior is consistent with the individuals’ role and responsibility
• Respondents in the commercial sector say their current cybersecurity tool stack yields too many false positives and more data than can be reviewed in a timely fashion

• CISA is aware of active exploitation of Netlogon bug
• A remote attacker can exploit the vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access
• Agency urges admins to applyi patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472

• New phishing campaign uses the European Union’s General Data Protection Regulation (GDPR) compliance as a lure
• Attackers are targeting businesses in several industries
• Emails also target high-profile individuals (executives and upper management)

• Chief Information Security Officers are preparing for an average of 3.3 security compliance standard audits over the next six to 12 months
• Of the CISOs working for software companies, 77% said they were preparing for SOC-2 audits
• Security seniors are worried about their current resources facing upcoming audits and security compliance

• Simulated phishing campaign reveals recipients typically open the email 50% of the time, 32% click the malicious attachment or link, and 13% submit sensitive data
• Employees in Quality Management & Health, Purchasing / Administrative Affairs, Legal / Internal Control, Human Resources, and Research & Development have the highest rates opening and interacting with malicious emails
• Phishing attacks are winning because they target fundamental and typical human nature, researchers say

• The adoption of telehealth vendors has significantly expanded healthcare providers' attack surface
• Researchers find a noticeable increase in leaks from primary healthcare and telehealth companies on the dark web since February 2020
• Threat actors use strains of ransomware that are uniquely tailored to take down healthcare IT infrastructures
• Despite new risks from telehealth vendors, the healthcare sector has improved its security posture compared to 2019

• Ransomware retakes the lead (from business email compromise) as the top cyber insurance claim the first half of the year
• Analysts observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020
• Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss

• 94% of IT pros have experienced a data breach at some point in time
• 79% are worried their current employer could be next
• Employee data breaches most commonly occur through external email services such as Gmail and Outlook

• 88% of data breaches are caused by human error
• Employees between the ages of 18 and 30 are five times more likely to admit to errors that compromised cybersecurity
• IT reps can leverage integrated Risk Management and Analytics to address misconfigurations and vulnerabilities, including human-triggered ones

• 84% of companies say their vulnerability management is efficient
• Researchers find a significant disconnect between perception and reality
• Organizations must update and automate remediation processes

Most companies place a lot of trust in their vulnerability management programs, with 84% of IT leaders rating them as "mature." However, a deeper dive into the state of vulnerability management at various companies reveals a major disconnect between that perception and reality.

• Data storage, remote access and network administration are most prevalent services exposing sensitive data
• Unsafe services are linked to other security issues in the digital supply chain
• Ukraine, Indonesia, Bulgaria, Mexico and Poland are among countries with the highest rate of domestically hosted systems running unsafe services

A third of companies in the digital realm expose unsafe services to the internet and exhibit several other critical security lapses, according to an in-depth study on the prevalence of unsafe network services.