Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:
The Misconceptions That Prevent Wider Adoption of Digital Signatures
In this Help Net Security interview, Thorsten Hau, CEO of fidentity, discusses the legal validity of qualified digital signatures, demonstrating their equivalence to handwritten signatures when supported by robust identity verification.
Move left and right, innovate in product safety
In this Help Net Security interview, Slava Bronfman, CEO of Cybellum, discusses approaches to ensuring product security throughout the lifecycle of a device, fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain and meeting regulatory requirements while ensuring compliance.
Reaper: Open Source Reconnaissance and Attack Proxy Workflow Automation
Reaper is an open source reconnaissance and attack proxy, designed to be a modern, lightweight and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and creating universally distributable workflows.
Atlas VPN Zero Day allows sites to discover users’ IP addresses
Atlas VPN has confirmed the existence of a zero-day vulnerability that could allow website owners to discover the real IP address of Linux users.
Old vulnerabilities remain a big problem
A recently reported phishing campaign aimed at delivering the Tesla RAT agent to unsuspecting users exploits old Microsoft Office vulnerabilities that allow remote code execution.
LibreOffice: stability, security and continued development
LibreOffice, the most widely used open source office productivity suite, has many advantages: it is feature-rich, user-friendly, well-documented, reliable, has an active community of developers working to improve it, and it is free.
How Chinese hackers got their hands on Microsoft’s token signing key
The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to hack Microsoft 365’s email service and access employee accounts at 25 government agencies has been explained: they found it somewhere it shouldn’t have been: Microsoft’s corporate environment.
Apple fixes two Zero Day attacks (CVE-2023-41064, CVE-2023-41061)
Apple has fixed two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to distribute NSO Group’s Pegasus spyware.
LockBit leaks sensitive data from maximum security fence maker
The LockBit ransomware group hacked Zaun, a British manufacturer of fencing systems for military sites and critical utilities, by compromising an old computer running Windows 7 and using it as an initial access point to the company’s wider network.
5 Ways FHE Can Solve Blockchain Privacy Issues
Blockchain technology has gained popularity due to its decentralized nature and immutability, providing transparency and security to various applications, especially in the financial field.
Cybercriminals target MS SQL servers to spread ransomware
A cyberattack campaign targets exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads.
Connected cars and cybercrime: introduction
As our vehicles become more and more connected to the outside world, the attack surface available to cybercriminals is rapidly increasing, and new “smart” features found on current generation vehicles around the world are opening the door to new threats.
MacOS malware has a new trick up its sleeve
A newer version of the Atomic Stealer malware for macOS has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered.
Emerging Threat: AI-Based Social Engineering
Social engineering is a sophisticated form of manipulation but, thanks to advances in AI, malicious groups have gained access to very sophisticated tools, suggesting that we may face more sophisticated social engineering attacks in the future.
North Korean hackers target security researchers with zero-day exploit
North Korean actors are once again attempting to compromise security researchers’ machines using a zero-day exploit.
3 ways to find the right balance with generative AI
To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI.
Why end-to-end encryption is important
In this Help Net Security video, Kayne McGladrey, Senior IEEE Member and Field CISO at Hyperproof, discusses end-to-end encryption (E2EE).
September 2023 Patch Tuesday Forecast: Important news from the federal government
Microsoft fixed 33 CVEs in Windows 10 and 11 last month, after nearly 3 times that number in July.
Solutions to fill the cyber talent gap you need to know about
In this Help Net Security video, Gene Fay, CEO of ThreatX, explains how limited exposure to cybersecurity-focused educational resources is attributed to a talent shortage, with consumers less likely to explore these careers.
6 free resources to get started in cybersecurity
Cybersecurity isn’t just a growing career field: it’s a vocation that’s increasingly vital to our world’s infrastructure.
How Cybercriminals Use Lookalike Domains to Impersonate Brands
In this Help Net Security video, Eric George, Director of Solutions Engineering at Fortra, explains why brands should take domain spoofing threats seriously and how security teams can counter this issue.
Cybersecurity professionals battle discontent over skills shortage
The cybersecurity skills crisis continues in a multi-year free fall that has affected 71% of organizations and led two-thirds of cybersecurity professionals to say the job has become more difficult in the past two years, while 60% of organizations continue to evade their responsibilities, according to a new report from ESG and ISSA.
Best practices for implementing a proper backup strategy
In this Help Net Security video, David Boland, vice president of cloud strategy at Wasabi Technologies, discusses best practices for implementing a proper backup strategy.
Ransomware attacks go beyond just data
65% of organizations confirmed that ransomware is one of the top three threats to their viability, and for 13%, it is the biggest threat, according to a report from Enterprise Strategy Group (ESG) and Keepit.
Spam is on the rise, QR codes emerge as a significant threat vector
85% of phishing emails used malicious links in the email content, and spam increased by 30% between the first and second quarters of 2023, according to a VIPRE report.
Avoidable digital certificate issues fuel data breaches
Among organizations experiencing data breaches, 58% were due to issues with digital certificates, according to a report from AppViewX and Forrester Consulting.
Global losses from roaming fraud will exceed $8 billion by 2028
Global roaming fraud losses are expected to exceed $8 billion by 2028, due to the increase in bilateral roaming agreements for data-intensive use cases on 5G networks, according to Juniper Research.
Championing Cybersecurity Regulatory Affairs with Nidhi Gani
The world of regulatory affairs for medical device manufacturers has seen a seismic shift in recent years, with regulators demanding more reliability and transparency from medical device manufacturers, particularly regarding their cybersecurity.
CIS Benchmarks Communities: where configurations meet consensus
Have you ever wondered how technology enhancement guidelines are developed? Some are determined by a particular supplier or driven by an outcome perspective. This is not the case for CIS benchmarks.
Infosec Products of the Month: August 2023
Here’s a look at the most interesting products from last month, with releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI, OffSec, Qualys, SentinelOne, Solvo, SonarSource, SpecterOps, Synopsys, ThreatConnect, Traceable AI and Vicarius.
New infosec products of the week: September 8, 2023
Here’s a look at the most interesting products from the past week, with releases from CyberSaint, Ghost Security, Hornetsecurity, NTT Security Holdings and TXOne Networks.