Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
Create a formula for effective vulnerability prioritization
In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insight into the business impact of vulnerabilities.
Subdominator: An open source tool for detecting subdomain takeovers
Subdominator is a reliable and fast open-source command line interface tool for identifying subdomain takeovers.
EMBA: Open source security analyzer for embedded devices
EMBA Open Source Security Analyzer is tailored as a central firmware analysis tool for penetration testers and product security groups.
SSH vulnerability exploitable for Terrapin attacks (CVE-2023-48795)
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH encrypted network protocol. This vulnerability could allow an attacker to downgrade the security of a connection by truncating extended negotiation messages.
MongoDB corporate systems breached, exposing customer data
Database management company MongoDB was breached and attackers gained access to some of the company’s corporate systems as well as customer data and metadata.
Qakbot attacks hospitality industry again
Although the Qakbot botnet was disrupted this summer, cybercriminals have no intention of giving up on this malware. Microsoft threat analysts have discovered a new phishing campaign attempting to deliver malware to targets in the hospitality industry.
Microsoft is working on a more secure printing system for Windows
After announcing earlier this year that it would be phasing out third-party printer drivers on Windows, Microsoft announced plans to improve security by introducing Windows Protected Print Mode (WPP).
Cooper’s breach exposed sensitive information of more than 14 million customers
Mortgage company Cooper has admitted that a data breach in October 2023 exposed the personal information of more than 14.6 million customers.
Citrix Bleed used to steal data from over 35 million Comcast Xfinity customers
Telecommunications company Comcast has confirmed a breach that exposed the personal information of more than 35.8 million Xfinity customers.
8220 Gang exploits old Oracle WebLogic vulnerabilities to steal information and run cryptocurrency miners
The Imperva Threat Research team found that the 8220 gang leverages an old vulnerability in Oracle WebLogic Server (CVE-2020-14883) to distribute malware.
Improve your application experience by fixing incorrect network behavior
Network performance defines how well an application performs and how satisfied the people who use it are. So this is what user experience (UX) and application experience (AX) are all about.
Wiz and Apiiro partner to deliver context-driven security from code to cloud
In this Help Net Security video interview, John Leon, Apiiro’s VP of Ecosystem and Partnerships, talks about how partnerships and technology integrations enable Wiz and Apiiro to deliver contextual insights into inventory, vulnerabilities, issues, configuration findings, and more. Learn how you can share your high-priority security findings.
Ransomware trends and recovery strategies businesses should know about
This article presents excerpts from our research on ransomware attacks in 2023.
Effects of prompt injection on LLM agents
As organizations move closer to deploying LLM-powered agents and integrating them into real-world scenarios, there is a threat that attackers can turn agents into deranged representatives through prompt injection and “jailbreak” techniques.
Supply chain emerges as key vector for escalating auto cyberattacks
In this Help Net Security video, VicOne Cybersecurity Architect Jay Yaneza explains how cyberattacks against the automotive sector caused over $11 billion in losses in the first half of this year.
The 21st Century Cures Act’s information blocking rules will redefine data exchange in healthcare
Verato’s research provides perspective on healthcare executives’ data management strategies, addressing key gaps, facilitating seamless data exchange, and aligning healthcare master data management (hMDM) with the mandates of the 21st Century Cures Act.
AI’s effectiveness is limited in cybersecurity but limitless in cybercrime
One of the biggest challenges when implementing AI-driven solutions in cybersecurity is building trust. Many organizations are skeptical of AI-powered products from security companies.
How executives are adapting to growing cybersecurity concerns in mobile networks
In this Help Net Security video, Rowland Corr, vice president and head of government relations at Enea, discusses the impact of burner phones and the struggle to protect consumers from advanced (usually state-sponsored) cyber threats, and explains the crisis of trust in network operators.
Law enforcement seizes ALPHV/Blackcat site and provides decryption tools to victims
The U.S. Department of Justice today announced a disruption campaign against the Blackcat/ALPHV ransomware group, informing victims that there are decryption tools available.
Why data, AI and regulation will top the list of threats in 2024
The new year brings a situation characterized by political uncertainty, societal divisions, escalating geopolitical tensions, and a turbulent macroeconomic backdrop, which makes it extremely important for security leaders to prepare strategically for the challenges ahead.
A closer look at the manufacturing threat landscape
In this Help Net Security video, Kory Daniels, CISO at Trustwave, discusses a recent comprehensive study that highlights the clear cybersecurity threats facing manufacturers.
86% of cyberattacks occur via encrypted channels
According to Zscaler, threats via HTTPS have increased by 24% since 2022, highlighting the sophisticated nature of cybercrime tactics that target encrypted channels.
New insights into the global industrial cybersecurity landscape
In this Help Net Security video, William Noto, vice president and industry principal at Claroty, discusses a recent global survey of 1,100 IT and OT security professionals working in critical infrastructure fields.
Is your organization retiring passwords?
This article presents excerpts from a certification study we conducted in 2023. These findings will enable organizations to prepare and develop better authentication strategies in the future.
11 GenAI Cybersecurity Studies You Should Read
This article presents excerpts from our 2023 Generative AI Survey. These findings will inform future cybersecurity strategies.
Balancing AI expectations with privacy and intellectual property concerns
This article presents excerpts from our 2023 AI research. These studies provide organizations with statistics that can help them create future AI security strategies.
Product Showcase: ImmuniWeb AI Platform
The ImmuniWeb AI platform provides web and mobile penetration testing that can be easily configured, scheduled, and launched in minutes.
Product Showcase: DCAP Solution for Data Classification and Access Rights Auditing FileAuditor
FileAuditor scans all your file storage and checks it for compliance with security policies. It examines the names of the files, the directories in which they are saved, reveals which users can access them, and most importantly, analyzes the contents of each file.
New Information Security Products of the Week: December 22, 2023
Here are the most interesting products of the past week, featuring releases from Argus Cyber Security, Cleafy, Kasada, and Stratus.