Here’s a rundown of the most interesting news, articles, interviews and videos from last week.
BSidesZG 2023: Strengthening the Information Security Community in the Croatian Capital
In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with their peers at the Security BSides conference. We spoke with BSidesZG organizer Ante Jurjevic to find out what’s in store for attendees.
How to address the cybersecurity skills shortage in the EU
In this Help Net Security piece, Dritan Saliovski, Director and Nordic Head of Cyber M&A and Transaction Advisory Services at Aon, offers some guidance and advice to organizations on how to attract and retain top cybersecurity talent.
ChatGPT is a bigger threat to cybersecurity than most people realize
A freely available language generation AI model called ChatGPT has taken the internet by storm. AI has the potential to help IT and security teams become more efficient, but it also enables threat actors to develop malware.
ENISA Distributes Toolbox to Create Security Awareness Program
The European Union Cybersecurity Agency (ENISA) has launched Awareness Raising in a Box (AR-in-a-BOX).
Apple Delayed Zero-Day Patch for iOS v12 (CVE-2022-42856)
Apple has released security updates for macOS, iOS, iPadOS, and watchOS that, among other things, patch a type confusion flaw in the WebKit component (CVE-2022-42856) that can be exploited for remote code execution on older iPhones and iPads running iOS v12.
GoTo now says customers’ backups were also stolen
GoTo (formerly LogMeIn) confirmed Monday that attackers stole customers’ encrypted backups from third-party cloud storage services associated with its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products.
Critical flaws in VMware vRealize Log Insight have been patched (CVE-2022-31706, CVE-2022-31704)
VMware has fixed two critical vulnerabilities (CVE-2022-31706, CVE-2022-31704) and two further vulnerabilities (CVE-2022-31710, CVE-2022-31711) in VMware vRealize Log Insight, a multi-cloud solution for centralized log management, operational visibility, and intelligent analytics.
Riot Games Compromise: How Did It Happen?
Hackers who broke into Riot Games last week demanded $10 million to keep the stolen source code for the company’s popular online game, League of Legends.
Attackers are using portable executables for remote management software to great effect
Tricking users of targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a common pattern for financially motivated attackers.
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates.
The loneliness of leading a cybersecurity startup
A well-funded start-up world is an attractive beacon for aspiring entrepreneurs across the cybersecurity industry, and the ultimate responsibility for reaching the goal rests with good management from the CEO.
Trained developers can remove more vulnerabilities than code scanning tools
An EMA survey of 129 software development professionals found that only 10% of organizations using code scanning tools prevented a higher percentage of vulnerabilities than those without code scanning tools.
Why Most IoT Cybersecurity Strategies Give Zero Trust Hope
In this Help Net Security video, Portnox CEO Denny LeCompte explains how it’s been difficult to accurately profile IoT and why zero trust strategies fail when applied to IoT.
Understanding your attack surface makes it easier to prioritize technologies and systems
Organizations need to balance performing good due diligence before patching and then patching as soon as possible to protect themselves from emerging threats.
NSA Issues IPv6 Security Guidance
The U.S. National Security Agency (NSA) has published guidance to help the Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with transitioning to Internet Protocol version 6 (IPv6).
Details of malicious packages targeting Python developers
In this Help Net Security video, Sonatype security researcher Carlos Fernandez talks about how the company’s AI systems caught a package attacking Python developers with unique tactics.
Chinese researchers: RSA is breakable. Others: Don’t panic!
Chinese researchers recently claimed that existing algorithms could be used in today’s quantum computers to defeat the RSA algorithm, the fundamental underpinning of secure Internet communications.
Supply chain attacks caused more data breaches than malware
According to the Identity Theft Resource Center, the first half of 2022 saw a decline in the number of reported breaches, partly due to Russia-based cybercriminals being distracted by the war in Ukraine and volatility in the cryptocurrency market.
Why SMBs are Vulnerable to BEC Attacks
In this Help Net Security video, Coro co-founder Dror Liwer explains why small businesses are particularly vulnerable to this form of attack and talks about the likely underreporting of BEC’s contribution to the country’s annual cyber losses.
How companies can strengthen their cybersecurity defenses with open source
Open source software can be examined by anyone, both attackers and defenders. However, this does not necessarily give the attacker an advantage.
Range of reported CVEs overwhelms owners of critical infrastructure assets
According to SynSaber, the sheer volume of reported ICS vulnerabilities and CVEs can overwhelm owners of critical infrastructure assets and leave them wondering where to start.
3 business application security risks businesses need to prepare for in 2023
Attackers are using less obscure techniques to directly target and profit from a critical enterprise function: enterprise resource planning (ERP) applications.
New Information Security Products of the Week: January 27, 2023
Here are the most interesting product releases from Perimeter 81, SpyCloud, ThreatConnect, Venafi, and Wallarm from the past week.