When it comes to security, it's all in the timing

According to Jon-Louis Heimerl, manager, Threat Intelligence Communication Team at NTT Security, the most relevant security news is what has already happened. However, sometimes it’s what is happening now, or what we anticipate will happen.

Johannesburg, 30 Jul 2019

Jon-Louis Heimerl, manager, Threat Intelligence Communication Team at NTT Security, says that a year ago the General Data Protection Regulation (GDPR) was new, and organisations were really trying to figure out what it would mean for them moving forward.

Now, the GDPR has been in effect for just over a year, and some organisations are still trying to figure it out. But it appears regulators are still trying to figure it out too. He adds that some pending cases will help clarify compliance requirements, but in the meantime, regulators have mostly taken a conservative approach to fines as they try to harmonise their approach on enforcement.

That makes the €50m fine for Google even more surprising. While it looks like an outlier now, everyone should be paying attention to whether fines are going to trend up, or down.

At the same time, privacy notices, concerns over the use of information by the AdTech industry, the California Consumer Privacy Act, and other developing events all have the power to influence how the GDPR is viewed. Part of that equation is that organisations can’t forget about the development and effective upkeep of their compliance programs.

Over the past couple months

He emphasises that no one wants to be the next BIG fine. He adds that researchers have observed a new type of malware targeting Linux systems. "HiddenWasp appears to be used as part of a second-stage attack against already-compromised systems. While attribution is unclear, the purpose of the malware is not – HiddenWasp provides persistence in a targeted system and allows full control of the victim host."

According to Heimerl, HiddenWasp also has advanced evasion techniques, giving it a “zero-detection rate” by anti-virus systems.

In the past month

BlueKeep has been big news because CVE-2019-0708 is a serious vulnerability in Microsoft’s Remote Desktop Services, which affects most older versions of Windows. "Worse yet, it requires no credentials or user interaction to exploit, which potentially makes it wormable – so malware which leverages BlueKeep can use it to spread from vulnerable system to vulnerable system. Unpatched, it has the potential to be near the scale of WannaCry."

Heimerl says that Microsoft, along with the NSA and the Department of Homeland Security in the United States, all issued warnings about BlueKeep. But luckily Microsoft released patches, even for operating systems which are otherwise out of support. The bad news is that organisations have to go download and install the patch.

Just in June

Recently, the Exim Mail Transfer Agent has been the subject of a new vulnerability (CVE-2019-10149) which allows remote code execution. This is important since a recent Shodan search showed nearly three million public-facing Exim servers.

Worse yet, attackers have been exploiting this vulnerability since before it was disclosed.
