Inside Canada's phishing epidemic; Plus, why security awareness needs a makeover

Security Digest: A roundup of security technology content from TechTarget

Security Digest Information security news and advice from TechTarget's network |August 19, 2020 FEATURED STORY Email enigma: Why is Canada hit with so many phishing attacks? by Arielle Waldman, News Writer Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery. Advertisement NEWS   Kaspersky reveals 2 Windows zero-days from failed attack Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.   Healthcare CISO offers alternatives to 'snake oil' companies Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salespeople and more at his Black Hat USA 2020 talk.   Games, not shame: Why security awareness training needs a makeover Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.   Apache Struts vulnerabilities allow remote code execution, DoS The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. EXPERT ADVICE   'Secure by Design' principles include failures, exceptions Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines.   10 RDP security best practices to prevent cyberattacks Securing remote connections is critical, especially in a pandemic. Enact these RDP security best practices at your organization to prevent ransomware, brute-force attacks and more.   How to handle Amazon S3 bucket pen testing complexity Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers.   Exception handling best practices call for secure code design Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples.   Hands-on guide to S3 bucket penetration testing Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide.   The 5 CMMC levels and how to achieve compliance While the CMMC certification process is still in development, IT leaders should get familiar with the five CMMC levels and learn how to comply with the security maturity model. About This E-Newsletter The Security Digest is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US. Click to: Unsubscribe. You are receiving this email because you are a member of TechTarget. When you access content from this email, your information may be shared with the sponsors or future sponsors of that content and with our Partners, see up-to-date Partners List, as described in our Privacy Policy. For additional information, please contact: webmaster@techtarget.com. © 2020 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners. Privacy Policy | Partners List