Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
Adapt authentication to cloud-centric environments
In this Help Net Security interview, Florian Forster, CEO of Zitadel, discusses the challenges CISOs face when managing authentication across an increasingly distributed and remote workforce, the negative effects of authorization inefficiencies, and cloud transformation. How the transition to will impact your authentication strategy.
What sets a good ASM solution apart?
In this Help Net Security interview, Onyphe CTO Patrice Auffret explains how traditional perimeter-based security thinking is becoming obsolete.
What does the best software security analysis look like?
In this Help Net Security interview, Codean co-CEO Kevin Valk discusses the consequences of relying solely on software security automation tools.
PoC for unauthenticated RCE on Juniper firewalls released
Researchers have released additional details about four recently patched vulnerabilities affecting Juniper Networks SRX firewalls and EX switches that could allow remote code execution (RCE), along with a proof-of-concept (PoC) exploit.
Easy-to-exploit Skype vulnerability leaks users’ IP addresses
A vulnerability in the Skype mobile app could be exploited by an attacker to discover a user’s IP address. That information could endanger individuals whose physical security depends on their general location remaining private.
Qakbot botnet destroyed, malware removed from over 700,000 victim computers
The Qakbot botnet has been disabled by the US Department of Justice (DOJ): 52 servers were seized and the popular malware loader was removed from over 700,000 victim computers around the world.
Removing Qakbot from infected computers is only the first step
The Qakbot botnet was disrupted in an international law enforcement operation that culminated last weekend, when specially crafted FBI software began separating infected computers from the botnet.
Cisco VPN without MFA enabled comes under attack by ransomware group
Since March 2023 (and possibly earlier), affiliates of Akira and LockBit ransomware operators have been infiltrating organizations through Cisco ASA SSL VPN appliances.
Revealing a privacy-preserving approach to machine learning
In the era of data-driven decision-making, businesses are leveraging the power of machine learning (ML) to derive valuable insights, increase operational efficiency, and establish competitive advantage.
Kroll SIM swap attack: FTX, BlockFi, Genesis client information leaked
Financial and risk advisory firm Kroll was hit by a SIM swapping attack that gave threat actors access to files containing personal information of customers of bankrupt cryptocurrency platforms FTX, BlockFi, and Genesis.
Is the cybersecurity community’s obsession with compliance counterproductive?
As spending on cybersecurity continues to rise, so too do breach incidents.
Ransomware group exploits Citrix NetScaler systems to gain initial access
A known attacker specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched, internet-facing Citrix NetScaler systems as an initial foothold into corporate networks.
Will the new OWASP API Top 10 help defenders?
The OWASP Foundation’s Top 10 lists help defenders focus on specific technologies, and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception.
Google launches tool to identify AI-generated images
Google is releasing a beta version of SynthID, a tool that identifies and watermarks AI-generated images.
The power of passive OS fingerprinting for accurate IoT device identification
The number of IoT devices on corporate networks and the Internet is predicted to reach 29 billion by 2030. This exponential growth has unintentionally increased the attack surface.
VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)
VMware has patched one critical vulnerability (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in the popular enterprise network monitoring tool Aria Operations for Networks.
Apple offers specialized iPhone for security researchers
Apple is once again inviting security researchers to apply to the Security Research Device Program (SRDP) to discover vulnerabilities and earn bug bounties.
How Ducktail takes advantage of compromised business and advertising accounts
Selling compromised business and advertising accounts on social media platforms can generate significant revenue, and Ducktail threat actors specialize in just that.
11 search engines for cybersecurity research you can use right now
Staying ahead in cybersecurity requires continuous learning and adaptation.
What does true diversity look like in the cybersecurity industry?
In this Help Net Security video, Larry Whiteside, Jr., CISO of RegScale and President of Cyversity, explains how the cybersecurity industry, more than ever, needs diversity of thought to address the increasingly complex technology-driven challenges facing organizations.
Velociraptor: Open source digital forensics and incident response
Velociraptor is a sophisticated digital forensics and incident response tool designed to improve insight into endpoint activity.
Explore the Open Source Software Security RFI
In this Help Net Security video, Luis Villa, General Counsel at Tidelift, talks about how the RFI is a clarion call for open source professionals and industry leaders to bring their best ideas and help governments make the entire open source ecosystem healthier and more secure.
Experts struggle with prioritizing cloud security and seek clarity
According to the Cloud Security Alliance, cloud native application protection platforms (CNAPP) have emerged as an important category of security tools in recent years due to the complexity of comprehensively securing multicloud environments.
ChatGPT poses a challenge as organizations reevaluate their use of AI
In this Help Net Security video, Arvind Raman, SVP and CISO at BlackBerry, explains how organizations around the world are implementing or banning ChatGPT and other generative AI applications within the workplace due to cybersecurity concerns.
IT leaders wary of generative AI’s impact on SaaS security
According to Snow Software, IT leaders continue to have confidence in the security posture of software-as-a-service (SaaS), but are still grappling with concerns about the risks of generative AI.
The secret habits of great CISOs
According to Gartner, 69% of top-performing CISOs have regular time on their calendars for personal professional development.
This week’s new information security products: September 1, 2023
Here are the most interesting products of the past week, featuring releases from Ciphertex Data Security, ComplyCube, Fortinet, and MixMode.