• About
  • Privacy Policy
  • Contact
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
No Result
View All Result
Home Podcasts

Cyber Security Today, April 20, 2022 – A record year for zero-day bugs, how often do you test backups, and the world’s biggest penetration test returns

Howard Solomon by Howard Solomon
April 20, 2022
in Podcasts, Security
0 0
0
A record year for zero-day bugs, how often do you test backups, and the world’s biggest penetration test returns. Welcome to Cyber Security Today. It’s Wednesday, April 20th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  A record number of zero-day vulnerabilities were found and disclosed last year. That’s according to a report this week from Google. A zero-day vulnerability is a bug exploited by attackers before a developer can create a patch. Google says 58 zero-days were found in 2021, compared to 25 the year before. That’s the bad news. The good news is that Google doesn’t think this is because software developers are getting worse at creating secure code. It’s just that the ability of security researchers to spot zero-days being exploited has increased. Also, more software companies are disclosing zero days in their applications. But not all. So that means it’s highly likely there were more zero-day vulnerabilities than 58 found last year. What can you do? If your firm develops software, make sure it publicly discloses if a vulnerability is being exploited. Developers should work harder at reducing memory corruption vulnerabilities. And security researchers should share exploit examples. It’s important that IT departments regularly test their ability to restore backup data for two reasons: First, to make sure backup data hasn’t been corrupted. And second, to give the IT team practice. How often should you test data restoration procedures? Here’s a yardstick from a survey of 620 IT pros in North America and Western Europe out this week from the IT analyst firm Enterprise Strategy Group: Thirteen per cent of respondents said they test daily, 28 per cent said they test weekly, 14 per cent said they test every other week, 23 per cent said they test monthly. In short, 78 per cent of organizations in this study test their data recovery skills at least once a month. How do you compare? Here’s another interesting stat from the same survey. It asked respondents how long it would take their organization to restore mission-critical data after an incident. Forty-six per cent said it would take at least six hours, 35 per cent said it would take less than six hours and 17 per cent said they could do it in less than an hour. Think you have a tough penetration test? How about one involving 2,000 participants from 30 countries. That’s what’s going on this week in the largest international cyberwar exercise. It’s an annual test involving members of NATO and invited countries called Locked Shields. Organized by NATO’s Co-operative Cyber Defence Centre of Excellence, the goal is to test the ability of IT staff to work together to protect critical infrastructure in a simulated war. In this year’s scenario, a fictional island country is experiencing hostile events and co-ordinated cyberattacks. Essentially, it’s one big red-team blue-team fight. The blue team defenders play the role of national cyber rapid reaction teams to help the fictional country handle the attacks. Last year’s exercise involved about 5,000 virtual systems configured to be military, financial, government, telecom, utility, manufacturing and other IT systems. Defenders faced more than 4,000 attacks over several days. QNAP has issued several warnings recently about cyber attacks on its network-attached storage devices. Now it’s advising IT administrators to disable Universal Plug and Play Port Forwarding. UPnP forwards ports to other devices, which allow NAS devices to communicate more efficiently. But it’s not a secure protocol. So QNAP says its storage devices should be behind a router and firewall. Remote access should be done through QNAP’s cloud link service or the VPN server function on a router. Owners of certain consumer models of Lenovo laptops are urged to download and install the latest firmware. This will block three serious vulnerabilities. Devices affected include some Flex-3, IdeaPad3, Legion 5 and Yoga laptops. According to researchers at ESET, the vulnerabilities could be used to disable certain device protections. Finally, does your firm use Lilin brand internet-connected digital video recorders for video surveillance or other purposes? If so, make sure the devices are fully patched. This comes after researchers at Nozomi Networks discovered a piece of malware targeting unpatched Lilin devices. The malware chains infected devices into a botnet. The vulnerability is two years old, so patches should have been installed long ago. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, April 20, 2022 – A record year for zero-day bugs, how often do you test backups, and the world’s biggest penetration test returns first appeared on IT World Canada.
Tags: cyber security todayPrivacy & Security

Subscribe

About Tech News Day

In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.

About

Tech Newsday

Tech News Day picks the new, most relevant tech stories.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.

SUBSCRIBE

Categories

  • Artificial Intelligence
  • Auto Tech
  • Blockchain
  • Careers & Education
  • Channel Strategy
  • Cloud
  • Communications & Telecom
  • Companies
  • Data & Ananytics
  • Development
  • Digital Transformation
  • Distribution
  • Diversity & Inclusion
  • eCommerce
  • Emerging Tech
  • End User Hardware
  • Engineering
  • Financial
  • Fintech
  • Future of Work
  • Governance
  • Government & Public Sector
  • Human Resources
  • Infrastructure
  • IoT
  • Leadership
  • Legal
  • Legislation & Regulation
  • Managed Services & Outsourcing
  • Marketing
  • Martech
  • Medical
  • Mobility
  • Not for Profit
  • Open Source
  • Operations
  • People
  • Podcasts
  • Privacy
  • Security
  • Service
  • Smart Home
  • SMB
  • Social Networks
  • Software
  • Supply Chain
  • Sustainability
  • Today's News
  • Top Stories This Week
  • Women in Tech
  • Home
  • Today’s News
  • About
  • Privacy
  • Contact

2022 Tech News Day

No Result
View All Result
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News

2022 Tech News Day

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Why are you leaving?

About Tech News Day

Tech News Day is a daily publication featuring key daily news stories about technology and how it affects businesses. We know that you are busy and that there’s a lot of information coming at you. While there are lots of programs that will curate based on what you have already read or followed, Tech News Day picks the new stories that we feel are most relevant.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways. If you want to do a deeper dive and get even more information, we provide a link to at least one of the longer stories from one of our sources (we are often following stories from more than one source).

We also have a daily podcast, published each morning so that you can get the news stories of the day from wherever you get your podcasts.

We hope you find this to be useful to you in keeping up to date in these challenging times. We love your input and opinions. You can use our feedback widget to rate individual stories or you can write us at NewsDesk@technewsday.com.

Click Here

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00