Week in review: The future of Metasploit, detecting lateral movement, new issue of (IN)SECURE Magazine


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Beware of password-cracking software for PLCs and HMIs!
A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots.

Vulnerabilities in popular GPS tracker could allow hackers to remotely stop cars
Six vulnerabilities in the MiCODUS MV720 GPS tracker that’s used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers to remotely cut fuel to or abruptly stop vehicles.

Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.

(IN)SECURE Magazine issue 72 released: Free download
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 72 has been released. It’s a free download, no registration required.

The rise and continuing popularity of LinkedIn-themed phishing
Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts; according to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials.

Microsoft adds default protection against RDP brute-force attacks
Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.

Removing the blind spots that allow lateral movement
There are critical blind spots in most security solutions today that make it nearly impossible to detect and prevent lateral movement attacks.

82% of global insurers expect the rise in cyber insurance premiums to continue
A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases.

The importance of secure passwords can’t be emphasized enough
Cybercriminals typically rely on weak passwords to break into online accounts of unsuspecting victims, which often leads to severe consequences. But despite understanding the importance of strong passwords as a critical security best practice, for most users the ease of memorizing only a few passwords and reusing them everywhere outweighs the increased security risk.

Online payment fraud losses to exceed $343 billion
Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research.

How kitemarks are kicking off IoT regulation
Regulation of the Internet of Things (IoT) has always been a contentious subject. Those against claim it stymies growth of a nascent industry, while those advocating for it argue it sees the adoption of industry best practices and helps establish standards.

Industrial cybersecurity leaders are making considerable headway
Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations.

How to prepare your organization for a Slack or Office 365 breach
In this Help Net Security video, Ofer Maor, CTO at Mitiga, discusses the top security considerations for organizations to prepare for and minimize the potential impact of a Slack or Office 365 breach.

Popular business web apps fail to implement critical password requirements
Specops Software released new research finding cybersecurity weaknesses in business web apps including Shopify, Zendesk, Trello, and Stack Overflow.

What NATO’s virtual rapid response cyber capability means for the fight against cyber warfare
In this Help Net Security video, Itay Bochner, Director of Malware Analysis Solutions, OPSWAT, talks about NATO’s virtual rapid response cyber capability and what it means.

What threats and challenges are CISOs and CROs most focused on?
Cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organizations, according to Tata Consultancy Services.

How adversaries are leveraging pentesting tools to launch attacks
In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools that are used for malicious purposes.

The first formal verification of a prototype of Arm CCA firmware
As our personal data is increasingly used in many applications from advertising to finance to healthcare, protecting sensitive information has become an essential feature for computing architectures.

Huntress acquires security awareness training platform Curricula for $22 million
Huntress, the managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In this Help Net Security video, Marcos Torres, Huntress’ CFO, talks about what this acquisition means for the future of this company.

60% of IT leaders are not confident about their secure cloud access
60% of IT and security leaders are not confident in their organization’s ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute.

Why SBOMs aren’t the silver bullet they’re portrayed as
In this Help Net Security video, Julie Klein, Director, Global Public Policy at Akamai Technologies, discusses her take on SBOMs.

The past, present and future of Metasploit
In this Help Net Security video, Spencer McIntyre, Lead Security Researcher at Rapid7, talks about how Metasploit enables defenders to always stay one step (or two) ahead of the game, and offers a glimpse into the future.

AppViewX raises $20 million to help businesses reduce risk
In this Help Net Security video, Gregory Webb, CEO at AppViewX, talks about how the additional investment will help maximize AppViewX’s go-to-market operations.

Introducing the book: Managing the Dynamic Nature of Cyber Security
In this Help Net Security video, he talks about how the book helps organizations define solid security strategies.

How organizations can implement a complete data strategy
In this Help Net Security video, Bernard Brantley, CISO at Corelight, discusses why organizations need to rethink their data strategy, challenging the assumption that they must collect everything and determine its usage at the point of incident.

How to identify and combat online fraud
In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses how organizations need to prepare for fraudulent BNPL activity.

Product showcase: Passwork – the best solution for work with corporate passwords
Passwork aims to enable efficient and secure working processes through the automated management of passwords and corporate accounts.

New infosec products of the week: July 22, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, CoSoSys, Darktrace, EnGenius, Orca Security, Persona, and Resecurity.

More about

Don't miss