Week in review: Most effective security practices, worst password offenders, Patch Tuesday forecast


Here’s an overview of some of last week’s most interesting news, reviews, articles and podcasts:

Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation.

How to reduce the risk of third-party SaaS apps
Third-party SaaS apps (and extensions) can significantly extend the functionality and capabilities of an organization’s public cloud environment, but they can also introduce security concerns. Many have permission to read, write, and delete sensitive data, which can have a tremendous impact on security, business, and compliance risk.

Why microlearning is the key to cybersecurity education
Microlearning and gamification are new ways to help encourage and promote consistent cybersecurity learning. This is especially important because of the changing demographics: there are currently more millennials in the workforce than baby boomers, but the training methods have not altered dramatically in the last 30 years.

Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.

Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain.

Review: The Perfect Weapon
Released at the peak of the US 2020 election campaign and just before the election itself, the documentary examines the harsh reality of today’s conflicts between nations, which rely less on physical weapons than on attacking the enemy in a stealthier, more unpredictable way: with cyber weapons.

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same…