Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
The reality of hacking threats in connected car systems
In this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, talks about how manufacturers, government regulations, and consumers are adapting to these new challenges.
Beyond blockchain: Strategies for seamless digital asset integration
In this Help Net Security interview, Jean-Philippe Aumasson, CSO of Taurus, highlights the often overlooked complexities of key generation, storage, and distribution, and calls for a high level of security maturity when working with digital assets. It emphasizes the need.
Prioritize CIS controls for effective cybersecurity across your organization
In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS controls in organizations of various sizes.
The CISO’s role in identifying technology components and managing the supply chain
In this Help Net Security interview, Nate Warfield, director of threat research and intelligence at Eclypsium, outlines the critical tasks of CISOs in securing the supply chain and achieving comprehensive visibility.
Emerging trends and strategies in digital forensics
In this Help Net Security interview, Amber Schroader, CEO of Paraben Corporation, discusses the challenges posed by the complexity of modern computer systems and networks when it comes to collecting digital evidence.
CloudFoxable: An open source AWS penetration testing playground
CloudFoxable is a capture-the-flag (CTF)-style learning platform that you can deploy in your playground AWS account.
Automated Emulation: Open Source Compromise and Attack Simulation Lab
Automated Emulation is an open source Terraform template designed to create customizable, automated breach and attack simulation labs.
Attackers can steal NTLM password hashes through calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) allows attackers to steal a user’s NTLM v2 hash by sending two headers to an email containing a specially crafted file. It can be exploited by adding , security researcher Dolev Taler shared: Friday.
Data from 15 million Trello users is collected and sold
Someone is selling scraped data from millions of users of Trello, a popular web-based list-building application and project management platform, on dark web hacker forums.
Apple announces new features to stop iPhone theft
In addition to fixing actively exploited zero-day vulnerabilities, the latest update to the iOS 17 branch provides new features to help protect your account and sensitive information if your iPhone is stolen.
PoC of easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been published, raising concerns that attackers may soon exploit it.
Why are ransomware victims less likely to pay?
There’s a good reason why ransomware gangs have gone beyond encrypting their victims’ data to exfiltrating it. Because those organizations are paying more.
Tietoevry ransomware attack brings down Swedish organization
Finnish IT software and services company Tietoevry suffered a ransomware attack on several customers at one of its data centers in Sweden.
Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) affecting Macs, iPhones, iPads, and AppleTVs.
Combating insider threats is a difficult but essential task
Business leaders are almost as worried about internal staff mistakes (71%) as they are about external threats (75%). But which is the bigger threat to businesses?
Expected increase in volume due to AI and impact of cyber attacks
Analysts at the UK’s National Cyber Security Center say that cyber threat actors of all types are already making use of artificial intelligence (AI) to varying degrees, and that AI will “almost certainly increase the volume of cyber attacks over the next two years.” “This will increase the number of cyberattacks and increase the impact of cyberattacks.”
Russian hackers break into Microsoft and HPE company Malivox
Cozy Bear (aka Midnight Blizzard, aka APT29) is busy hacking and espionage against major tech companies. Both Microsoft and Hewlett Packard Enterprise (HPE) recently revealed successful attack campaigns by his Russia-linked APT group.
Without clear guidance, the SEC’s new rules on incident reporting could be harmful
The SEC has established a series of guidelines that “require registrants to disclose any significant cybersecurity incidents they experience and annually disclose significant information regarding their cybersecurity risk management, strategy, and governance. ”
Top cybersecurity concerns for the upcoming election
In this Help Net Security video, Adam Marrè, CISO at Arctic Wolf, explains how state and local governments need to focus on cybersecurity as the 2024 US elections approach.
10 US Cybersecurity Conferences to Visit in 2024
10 US cybersecurity conferences to visit in 2024.
Why cyberattacks shouldn’t be kept secret
No company is immune to cyber-attacks, but too many companies try to maintain a wall of silence when the inevitable happens.
Why resilient leaders need to prepare for complex crises
In this Help Net Security video, Infinite Blue CEO Frank Shultz explains how more frequent and severe disruptions and an increasingly interconnected world are colliding to create new threats for resilience leaders to manage. I will explain how it creates a political crisis.
A new way to prevent mobile account takeovers
Computer science researchers have developed a new way to identify security weaknesses that make people vulnerable to account takeover attacks, where attackers gain unauthorized access to online accounts.
The impact of omission bias on vulnerability management
Whether we want to admit it or not, we all have subconscious biases that greatly influence our behavior. One of them is omission bias, which has interesting implications for the world of cyber security, especially vulnerability management.
In 2024, AI and ML will go from fancy to functional
In this Help Net Security video, George Tziahanas, AGC and VP of Compliance at Archive360, talks about core areas that may not have gotten enough attention yet, but are likely to receive attention in the coming months. is specified.
Whitepaper: MFA misconceptions
Read the white paper, “MFA Misconceptions” to understand the limitations of MFA and how important it is to integrate it with other robust security measures to build resilient defense mechanisms .
New Information Security Products of the Week: January 26, 2024
Here are the most interesting products of the past week, featuring releases from 1Kosmos, Atakama, Onfido, Regula, Searchlight Cyber, Seceon, and Veriti.
