Week in review: VMware critical fixes, Bluetooth LE flaw unlocks cars, Kali Linux 2022.2


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform.

VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, and is urging administrators to patch or mitigate immediately, because “the ramifications of this vulnerability are serious.”

BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones
A Bluetooth Low Energy (BLE) weakness discovered by NCC Group researchers, a link-layer relay attack against proximity-based authentication, may be used by attackers to unlock Teslas (or other cars with automotive keyless entry), residential smart locks, building access systems, mobile phones, laptops, and many other devices.

U.S. warns of North Korean hackers posing as IT freelancers
Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers.

Recovering from a cybersecurity earthquake: The lessons organizations must learn
It’s been over a year since the SolarWinds supply chain hack sent shockwaves through thousands of organizations worldwide, but this cybersecurity earthquake is by no means over.

Remote work hazards: Attackers exploit weak WiFi, endpoints, and the cloud
Infoblox unveils a global report examining the state of security concerns, costs, and remedies. As the pandemic and uneven shutdowns stretch into a third year, organizations are accelerating digital transformation projects to support remote work.

Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can’t be fixed due to technical limitations outside its control, and is offering users a free or discounted replacement router.

Why cyber security can’t just say “no”
There was a time, not long ago, when there were only so many ways of accomplishing an information technology task. Whether you were building a website, setting up a new computer, or installing a piece of software, your options were limited — if there were any options at all. That time is over.

Emotet is the most common malware
HP announced that the HP Wolf Security threat research team has identified a 27-fold increase in detections resulting from Emotet malicious spam campaigns in Q1 2022, compared to Q4 2021 – when Emotet first made its reappearance.

5 critical questions to test your ransomware preparedness
I’m a pentester – that is, a professional penetration tester. Some call me an ethical hacker, a white hat, or red teamer. Based on my experience as a ransomware attacker, I’ve come up with these five questions that you should ask yourself.

79% of organizations have activated a disaster recovery response within the past 12 months
Zerto recently commissioned IDC to conduct a major ransomware and disaster preparedness survey, which revealed that 79% of respondents have activated a disaster recovery (DR) response within the past 12 months.

How to ensure that the smart home doesn’t jeopardize data privacy?
People already demonstrate a high degree of trust in voice control/interaction. However, as more and more people buy into the smart home and devices proliferate, there is an ever-bigger price to pay when it comes to data security and privacy.

Where do federal agencies stand with zero trust implementation?
One year after the president’s executive order on improving the nation’s cybersecurity, federal agencies are making steady progress toward their zero trust security goals, according to a study commissioned by General Dynamics Information Technology (GDIT), a business unit of General Dynamics.

The most insecure and easily hackable passwords
In this video for Help Net Security, Gary De Mercurio, VP of Trustwave SpiderLabs, talks about how passwords are hacked and what people can do to make that job difficult for attackers.

EU’s NIS 2 Directive to strengthen cybersecurity requirements for companies
The Commission welcomes the political agreement reached between the European Parliament and EU Member States on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) proposed by the Commission in December 2020.

Popularity of online payment goes hand-in-hand with fraud
NICE Actimize has released a report that identifies and analyzes the leading fraud threats and patterns that impacted leading global financial institutions in 2021.

Mastering microsegmentation for enterprise applications
In this video for Help Net Security, Keshav Kamble, CTO of Avocado Systems, talks about the challenges, benefits and modern methods of microsegmentation.

Cardiologist charged for use and sale of ransomware
The US Attorney’s Office is charging a Venezuelan cardiologist with attempted computer intrusions and conspiracy to commit computer intrusions.

Fix your IT weak spots to guarantee compliance
In this video for Help Net Security, Mat Clothier, CEO at Cloudhouse, talks about how organizations can keep control in increasingly regulated environments.

Best practices for healthcare delivery organizations to manage supply chain cybersecurity risks
The Cloud Security Alliance (CSA) released a paper titled Healthcare Supply Chain Cybersecurity Risk Management. Drafted by the Health Information Management Working Group, the report provides best practices that healthcare delivery organizations (HDOs) can use to manage the cybersecurity risks associated with their supply chains.

Many security engineers are already one foot out the door. Why?
In this video for Help Net Security, Jack Naglieri, CEO of Panther Labs, discusses a recent report which found that 80% of security engineers are experiencing burnout.

65% of IT help desk teams report unsustainable levels of stress
According to a Splashtop report, this has come at a cost: 65% of IT help desk teams across the U.S. report an increase in the number of team members experiencing unsustainable levels of stress.

Prioritize patching vulnerabilities associated with ransomware
Threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in vulnerabilities associated with ransomware since the publication of the Ransomware Spotlight Report in January 2022.

Easily migrate to the cloud with CIS Hardened Images
CIS offers virtual images hardened in accordance with the CIS Benchmarks, a set of vendor agnostic, internationally recognized secure configuration guidelines.

New infosec products of the week: May 20, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Deepfence, Kasten by Veeam, Qualys, Skybox Security, and Trusona.
