Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
Advanced ransomware campaigns highlight the need for AI-powered cyber defenses
In this Help Net Security interview, Carl Froggett, CIO of Deep Instinct, discusses emerging trends in ransomware attacks and how companies are using advanced techniques such as deep learning (DL) for prevention as well as detection and response. It emphasizes the need to use AI technology.
SessionProbe: Open source multi-threaded penetration testing tool
SessionProbe is a multi-threaded penetration testing tool designed to assess user privileges in web applications.
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!
OffSec (formerly Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform.
Microsoft plans to provide enhanced security updates for Windows 10
Microsoft is not abandoning Windows 10 users to a dangerous fate, even as Windows 10 reaches end of support (EOS) on October 14, 2025. Both businesses and individual consumers can receive Extended Security Updates (ESU), but must pay a fee.
Researchers automated jailbreaking of LLMs using other LLMs
Robust Intelligence and Yale University AI security researchers have designed a machine learning technique that can quickly jailbreak large language models (LLMs) in an automated manner.
Short-lived AWS access tokens allow attackers to stay for long periods of time
Attackers typically gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained through phishing or malware, or by finding tokens in public code repositories.
New RCE vulnerability in Apache Struts 2 fixed, upgrade as soon as possible (CVE-2023-50164)
The Apache Struts project has released an update to its popular open source web application framework to fix a critical remote code execution vulnerability (CVE-2023-50164).
Booking.com customers targeted by hotel booking scam
Scammers are taking over hotels’ Booking.com accounts and using them as part of a hotel reservation scam designed to trick guests into sharing their payment card information.
Cybercriminals attack Unitronics PLC at multiple U.S.-based water utilities
US and Israeli authorities announced in a joint cybersecurity advisory that Iran-linked attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs).
Russian hackers exploit old Outlook vulnerability to target Polish organizations (CVE-2023-23397)
Russian state-sponsored hacker group Forest Blizzard (also known as Fancy Bear, also known as APT28) is targeting public and private organizations in Poland using a known vulnerability in Microsoft Outlook (CVE-2023-23397) warned the Polish Cyber Army.
CISA: Adobe ColdFusion flaw exploited to access government servers (CVE-2023-26360)
An unknown attacker has exploited a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to gain access to government servers, the Cybersecurity and Infrastructure Security Agency (CISA) shared. did.
Atlassian fixes 4 critical RCE vulnerabilities, patch now!
Atlassian has identified four critical vulnerabilities in various products (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023) that can be exploited to execute arbitrary code. -22523) has been released.
Meta brings default end-to-end encryption to Messenger and Facebook
Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday.
Put guardrails around your use of AI to protect your organization, but be flexible to change
Artificial intelligence (AI) is a hot topic right now. While some industries fear it will replace workers, others embrace it as an innovative way to streamline processes, automate repetitive tasks and save time. I am.
The race to prepare for AI and the position of global companies
In this Help Net Security video, Cisco Advisory CISO Dave Lewis helps businesses understand their readiness level.
OpenTofu: An open source alternative to Terraform
OpenTofu is an open source alternative to Terraform’s widely used infrastructure-as-code provisioning tool.
How AI will revolutionize “shift left” testing in API security
API security testing poses a more complex problem because APIs are based on different technologies (GraphQL, REST, etc.), business functionality (exposing sensitive or non-sensitive data), and other factors.
Exploring the impact of generative AI on the 2024 presidential election
In this Help Net Security video, Ryan Maltzen, a cybersecurity architect at Fortra, explains how this is what we’ve seen in past elections, where the rise of generative AI and other tools appears to be in a good position to influence. explains how it was a largely manual process than expected. In this space.
21 high-risk vulnerabilities discovered in OT/IoT routers
Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open source software elements.
Three security data predictions for 2024
In a world where everything from data to customer expectations to cyber threats is rapidly becoming more complex, how can businesses protect their digital environments?
Why zero trust segmentation is important for cloud resiliency
In this Help Net Security video, John Kindervag, Zero Trust creator and chief evangelist at Illumio, explains how we provide real-time visibility and containment by default to reduce risk and optimize the opportunities presented by the cloud. Learn how your organization needs a modern security approach.
Data security strategies will change in 2024
According to Metomic, 2024 will be a revolutionary year for the data security landscape. Data security posture management (DSPM) technology is rapidly evolving to keep pace with the massive amounts of data being created, stored and shared within organizations and across business sectors.
Ransomware in 2024: Expected impact, targets, and changing landscape
Government pressure will force some ransomware groups to disband or law enforcement will arrest the main bad actors, while affiliates may attack other groups themselves.
Manage human cyber risk using AI and automation
In this Help Net Security video, John Scott, Principal Cybersecurity Researcher at CultureAI, explains how integrating AI and automation into your cybersecurity strategy can improve employee behavior and reduce security incidents. Masu.
Aim for a modern data security approach
Risk, compliance, governance, and security professionals are finally recognizing the importance of subjecting sensitive workloads to robust data governance and protection the moment data begins to flow through the data pipeline. It’s starting.
Week review:
December 2023 Patch Tuesday Forecast: “It’s a season for caution.”
The last Patch Tuesday of the year is just around the corner! This is the time of year when you want to relax and enjoy your vacation, but you need to be extra vigilant to detect and respond to suspicious activity.
eBook: Defending against Infostealer threats
The increasing digital dependence of businesses has increased various cybersecurity threats. One of the fastest growing areas is information-stealing malware known as infostealers. This is malicious software designed to steal data.
Product Showcase: Apiiro integrates AppSec and SSCS with deep ASPM
Apiiro goes beyond the basics to unify risk visibility, assessment, prioritization, and governance across the application and software supply chain, from native code to runtime context.
This week’s new information security products: December 8, 2023
Here are the most interesting products of the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis.