Welcome to May, dear readers! But since we’re only on the first day of the month, I don’t think it’s too late to highlight a fantastic post from Tripwire in celebration of “National Poetry Month—Cybersecurity Edition.” My favorite was probably the “On Patching” haiku.
Alas, the national celebration of poetry has concluded, and we have officially made it to May. It’s the month that is supposed to bring us flowers and sunlight. Many things will come into bloom. Hopefully, as nature grows and matures around us, so too will your organization’s overall security posture. Now is a time for renewal, so take advantage of the opportunity to look at your policies, plans and procedures to determine where you can improve. Don’t just take my word for it, though. An opinion piece published in The Hill similarly argued, “There is no substitute for rigorous preparedness, immediate mitigation of threats is a necessity, and willful ignorance for whatever reasons will end in tragedy.” If you’ve been binging on Game of Thrones, you know about tragic endings, so start changing the narrative now.
Fortunately, my little pep talk is over, which means that it’s time to take a look at what else made cybersecurity headlines this week.
May 1: Multiple government agencies and industry associations, including the Department for Digital, Culture, Media and Sport, the National Cyber Security Centre and SANS Institute, have launched the Cyber Discovery virtual cyber school initiative, which offers online cybersecurity challenges to school-aged children.
Apr. 30: Microsoft has set forth a new strategy of “patching people” in an effort to mitigate the threat of human-operated ransomware campaigns.
Apr. 30: After an unsuccessful second attempt at implementing an app that would enable remote learning for the students of Fairfax County Public Schools, the district’s Assistant Superintendent of Information Technology, Maribeth Luftglass, resigned from the position she had held for more than a decade.
Apr. 30: ZDNet reported, “Hyper-competitive online gaming has led to a ready market for cheats. But security experts warn that the skills involved with crafting cheats can easily be used for developing and selling malware.”
Apr. 29: Last month’s vulnerability in the WordPress theme plugin OneTone is reportedly being exploited by hackers who have been successfully installing backdoor admin accounts to compromise entire sites, Naked Security reported.
Apr. 29: Scammers have been exploiting proprietary software embedded in more than 400 apps in the Google Play Store and using those apps to direct users to malicious websites, Cyberscoop reported.
Apr. 29: GitLab paid out a $20,000 bounty to security researcher William Bowling, who reported a vulnerability he discovered through the company’s bug bounty program on HackerOne, according to Security Week.
Apr. 28: Threatpost reported, “According to Nate Warfield, senior security program manager at Microsoft, new vulnerabilities found in network and Internet-of-Things (IoT) equipment are being weaponized by cybercriminals within days of disclosure—and sometimes hours.”
Apr. 27: The Center for Digital Education highlighted “The 5 Key Components of a Comprehensive Approach to Cybersecurity in Education,” which include identify, protect, detect, respond and recover.
Apr. 27: Security Boulevard reported on a Ponemon study, The 2020 Cost of Insider Threats Global Report, which found that the cost of insider threats has increased by 31%.