Unpatched SaltStack flaws exploited; RDP security under fire -- again

Security Digest: A roundup of security technology content from TechTarget

Security Digest Information security news and advice from TechTarget's network |May 06, 2020 FEATURED STORY Critical SaltStack vulnerabilities exploited in several data breaches by Rob Wright, News Director and Arielle Waldman, News Writer SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks, including DigiCert's. Advertisement NEWS   Bugcrowd launches 'classic' penetration testing service The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture.   Risk & Repeat: RDP security under fire amid COVID-19 This week's Risk & Repeat podcast looks at how Microsoft's Remote Desktop Protocol, already a popular vector with hackers, has received even more attention during the pandemic.   Shade ransomware decryptor released with 750,000 keys Kaspersky Lab released a decryptor tool after operators behind the ransomware variant announced a shutdown of operations and issued an apology for any harm caused.   Building security and privacy into contact-tracing apps Governance and data decentralization are among measures that organizations can take to mitigate security and privacy concerns over contact tracing apps, according to RSA. EXPERT ADVICE   Comparing policies, standards, procedures and technical controls Infosec pros may have -- incorrectly -- heard the terms standard and policy used interchangeably. Examine the differences among a policy, standard, procedure and technical control.   SSL certificate best practices for 2020 and beyond SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more.   CISO position burnout causes high churn rate The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.   AI-powered cyberattacks force change to network security Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.   Mitigating ransomware and phishing attacks during a pandemic Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic.   One security framework may be key to cyber effectiveness The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations. About This E-Newsletter The Security Digest is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US. Click to: Unsubscribe. You are receiving this email because you are a member of TechTarget. When you access content from this email, your information may be shared with the sponsors or future sponsors of that content and with our Partners, see up-to-date Partners List, as described in our Privacy Policy. For additional information, please contact: webmaster@techtarget.com. © 2020 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners. Privacy Policy | Partners List