Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
Disclosure of vulnerabilities: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity.
How passkeys are reimagining security and convenience for users
In this Help Net Security interview, Anna Pobletts, Head of Passwordless at 1Password, talks about passkey adoption and its acceleration in 2024. This trend is especially evident among highly regulated services such as fintech and banking, where users want a sign-in experience that: It’s simple and approachable.
Strategies for fostering a collaborative culture in zero trust adoption
In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature Zero Trust model for both security and business outcomes, reducing reported security incidents and increasing adaptability. Reinforcements are revealed.
Closing the risk exposure gap with strategies for internal auditors
In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformative role of the internal audit function and risk management in helping organizations close their risk exposure gaps. Masu.
AWS Kill Switch: Open Source Incident Response Tool
AWS Kill Switch is an open source incident response tool for quickly locking down AWS accounts and IAM roles during security incidents.
Vigil: Open Source LLM Security Scanner
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to large-scale language models (LLMs).
Mosint: Open source automated email OSINT tool
Mosint is an automated email OSINT tool written in Go and designed to facilitate quick and efficient investigation of targeted emails. It integrates multiple services and gives security researchers quick access to a wide range of information.
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
A proof-of-concept (PoC) exploit has been published for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that could allow remote code execution. Users are encouraged to promptly implement any patches or workarounds provided.
Announcement: AI security guidelines supported by 18 countries
The UK’s National Cyber Security Center (NCSC) states that developers and providers of AI-powered systems must ensure that AI systems “work as intended, are available when needed, and operate without exposing sensitive data to unauthorized parties.” We have announced new guidelines to help you build your
ownCloud critical flaw under attack (CVE-2023-49103)
Attackers are attempting to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in corporate environments.
Okta breach: Hacker stole information for all customer support users
The scope of the latest breach of the Okta customer support system is much broader than originally established, the company acknowledged on Tuesday. The attacker downloaded a report containing the names and email addresses of all her Okta customer support system users.
PoC released for critical vulnerability in Arcserve UDP
Arcserve fixes critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, the PoC of which was published by Tenable researchers on Monday it was done.
Apple patches two zero-days targeting iOS users (CVE-2023-42916 CVE-2023-42917)
In its latest security update, Apple has identified two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may be exploited against versions of iOS prior to iOS 16.7.1.” Fixed.
Small businesses face a surge in ‘no malware’ attacks
The most prominent threats facing small and medium-sized businesses (SMBs) in Q3 2023 were “malware-free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC fraud, according to Huntress. Security platforms and services for SMBs and managed service providers (MSPs), according to the first SMB Threat Report published.
Slovenian electricity company fell victim to ransomware
Slovenian power generation company Holding Slovenske Electricalne (HSE) was hit by ransomware and some of its data was encrypted.
Google fixes exploited Chrome zero-day (CVE-2023-6345)
Google has released an emergency security update to fix a number of vulnerabilities in its Chrome browser, including an actively exploited zero-day vulnerability (CVE-2023-6345).
CISA asks water utilities to secure Unitronics PLCs
News that Iran-linked attackers have taken control of a programmable logic controller (PLC) at a Pennsylvania water facility has prompted a public alert calling on other water authorities to immediately secure their own PLCs.
Why it’s the perfect time to consider your software update policy
Historically, software updates have been an opportunity for developers to strike a balance between introducing new features and addressing known vulnerabilities. However, in the face of an increasingly agile adversary community and overall attack sophistication, this balance is tipping towards the more urgent need for a rapid security response.
Bridging the gap between cloud security and on-premises security
With the proliferation of SaaS applications, remote work, and shadow IT, organizations feel obligated to adopt cloud-based cybersecurity. That’s natural. Because corporate resources, traffic, and threats are no longer confined to the office premises.
Security leaders are on high alert as GenAI poses privacy and security risks
In this Help Net Security video, Neil Cohen, Head of Go-To-Market at Portal26, explains why security leaders are concerned about the privacy and security risks of GenAI. While the benefits of GenAI are indisputable, the lack of visibility reduces efficiency and increases vulnerabilities in areas such as governance and privacy.
Gateway Protection: Securing Distributed Networks
In this Help Net Security video, Netography CEO Martin Roesch explains why this change is happening now, the biggest challenges organizations face in securing distributed networks, and how to successfully evolve with today’s networks. Learn how to protect it.
Businesses prepare for inevitable cyberattacks
In this Help Net Security video, Rahul Pawar, Global VP of Security Go-To-Market and CTO of Global Services & Solutions at Commvault, explains how business leaders need to play a critical role in prioritizing cyber security for their enterprises. I’ll explain why.
What custom GPT means for the future of phishing
In this Help Net Security video, Tal Zamir, CTO of Perception Point, believes this will be a powerful tool used by malicious attackers to enhance their phishing campaigns. This is because malicious attackers have an efficient way to enhance the output of customized phishing emails beyond their intended purpose. Classic ChatGPT.
Key drivers of software security in financial services
In this Help Net Security video, Chris Eng, Veracode’s Chief Research Officer, explains how financial institutions can benefit from enhanced automation and secure coding techniques to prevent, detect, and detect vulnerabilities faster than ever before. We explain what we can do for you.
Report: The State of Authentication Security in 2023
This study aims to explore these challenges, identify common practices, and provide insight into how organizations can strengthen their defenses.
Generated AI Security: Microsoft Copilot Data Leak Prevention
Copilot is an AI assistant that lives inside every Microsoft 365 app, including Word, Excel, PowerPoint, Teams, and Outlook. Microsoft’s dream is to take the drudgery out of everyday work and free people to focus on being creative problem solvers.
Product Showcase: New ESET Home Security
ESET HOME Security subscriptions are available for all major operating systems: Windows, macOS, Android and iOS. With new products, ESET introduces two breakthrough features that enhance your online security and privacy: VPN and Identity Protection.
Infosec Product of the Month: November 2023
Here are the most interesting products from last month. Featuring releases from Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, Enzoic, Fortanix, GitHub, Illumio, Immuta, IRONSCALES, Kasada, and Lacework. , Malwarebytes, Nitrokey, OneSpan, Paladin Cloud, Snappt, ThreatModeler, and Varonis.
New Information Security Products of the Week: December 1, 2023
Here are the most interesting products of the past week, featuring releases from Amazon, Datadog, Entrust, Fortanix, GitHub, Nitrokey, and Paladin Cloud.