Review of the week: 17 free AWS cybersecurity courses, Chrome zero-day exploited in the wild

Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:
The blueprint for a highly effective EASM solution
In this Help Net Security interview, Adrien Petit, CEO of Uncovery, discusses the benefits organizations can gain from implementing External Attack Surface Management (EASM) solutions, the critical capabilities that an EASM solution should have and how it handles the discovery of hidden systems.
How should SMBs navigate the phishing minefield?
In this Help Net Security interview, Pete Hoff, CISO at Wursta, gives advice to SMB security managers and professionals on how to minimize the threat that phishing poses to their organization’s operations and long-term success.
Requests via Facebook Messenger lead to hacking of professional accounts
Facebook business account hijackers rely on fake business inquiries and page/account suspension threats to trick their targets into downloading password-stealing malware.
Microsoft and Adobe patch zero-day vulnerabilities exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802).
Microsoft Teams phishing: companies targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to corporate systems has been phishing employees through Microsoft Teams.
Attackers use fallback ransomware if LockBit is blocked
Your security solutions can prevent a LockBit infection, but you may still end up with encrypted files: According to Symantec threat researchers, some affiliates use 3AM ransomware as a backup option in case LockBit is flagged and blocked.
Attackers breached software company Retool to gain access to crypto companies and assets
Retool, the company behind the popular development platform for building in-house enterprise software, suffered a breach that allowed attackers to access and take control of the accounts of 27 cloud customers, all from the crypto industry.
Microsoft Teams users targeted by phishing attack distributing DarkGate malware
A new phishing campaign leveraging an easily exploitable glitch in Microsoft Teams to deliver malware has been reported by researchers.
Chrome Zero Day exploited in the wild, update now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild.
MetaStealer malware targets enterprise macOS users
macOS enterprise users are being targeted by attackers launching a new information-stealing malware called MetaStealer.
Serial Cybersecurity Founders Return to the Game
Last year’s data on the increase in serial founders returning to the startup roller coaster despite the looming recession shows that building a cybersecurity startup during an economic crisis can have clear benefits.
Enhancing Consumer Privacy with Network Security
In this Help Net Security video, Shawn Edwards, CSO of Zayo Group, explains how businesses can ensure a secure network to protect themselves and their consumers.
Good security training is a real challenge
Everyone claims to take security seriously, but if CISOs and department heads don’t regularly and frequently refresh, test, or even deploy (this is the key) red team tactics against all employees, then they are not being completely honest with themselves.
Strategies for aligning DevSecOps and AI
In this Help Net Security video, Greg Ellis, General Manager of Application Security at Digital.ai, explains how implementing AI-powered tools that continuously test and monitor code for threats helps protect large businesses from attackers and other security risks.
Modernizing fraud prevention with machine learning
The number of digital transactions has exploded. As consumers continue to spend and interact online, they have increasing expectations around security and identity verification.
The Rise and Evolution of Supply Chain Attacks
In this Help Net Security video, Dick O’Brien, Senior Intelligence Analyst on the Symantec Threat Hunter team, discusses the transformation of supply chain attacks.
17 Free AWS Cybersecurity Courses You Can Take Right Now
Here’s a collection of free AWS cybersecurity courses you can use to deepen your knowledge of the platform.
The essential role of authorization in protecting financial institutions
In this Help Net Security video, David Brossard, CTO at Axiomatics, explains that financial institutions have a lot to think about regarding access control, whether they are protecting their own privacy or that of their customers, while adhering to global compliance regulations.
CISOs must demonstrate firmness to have influence within the board of directors
More than 70% of CISOs believe that the importance of information security is not recognized by senior management, according to BSS.
Bruschetta-Board: multi-protocol Swiss army knife for hardware hackers
Bruschetta-Board is a device for all hackers looking for a reasonably priced all-in-one debugger and programmer that supports UART, JTAG, I2C and SPI protocols and allows interaction with voltages of different targets (i.e. 1.8, 2.5, 3.3 and 5 Volts!).
Email forwarding flaws allow attackers to impersonate high-profile domains
Sending an email with a fake address is easier than previously thought because of flaws in the process that allows email to be forwarded, according to a research team led by computer scientists at the University of California, San Diego.
Businesses need to rethink how they implement identity security
More than 80% of organizations have experienced an identity breach involving the use of compromised credentials, half of which occurred in the last 12 months, according to Silverfort and Osterman Research.
CIS SecureSuite Membership: Leverage Best Practices to Improve Cybersecurity
Whether you’re facing a security audit or want to configure systems securely, CIS SecureSuite membership is here to help.
Securing OTA with Michal Geva from Harman International
Michal Geva, Managing Director, OTA and Cybersecurity at Harman International, joined the Left to Our Own Devices podcast to discuss the automotive industry’s adoption of over-the-air updates and the security risks that come with them.
Download: Ultimate Guide to Getting Certified in Cybersecurity
The ultimate guide covers everything you need to know about the entry-level Certified in Cybersecurity certification and how to get started with FREE training and exam through ISC2’s 1MCC program!
New infosec products of the week: September 15, 2023
Here’s a look at the most interesting products from last week, with releases from Armis, Cisco, CTERA, Kingston Digital, Purism and Swissbit.