Week in review: Revolut data breach, ManageEngine RCE flaw, free Linux security training courses

Week in review

GTA 6 in-development footage leaked
American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game.

Uber says Lapsus$ gang is behind the recent breach
Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor.

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)
Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects.

Revolut data breach: 50,000+ users affected
Revolut, the fintech company behing the popular banking app of the same name, has suffered a data breach, which has been followed by phishing attacks aimed at taking advantage of the situation.

US to award $1B to state, local, and territorial governments to improve cyber resilience
The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats.

The 25 most popular programming languages and trends
CircleCI released the 2022 State of Software Delivery report, which examines two years of data from more than a quarter billion workflows and nearly 50,000 organizations around the world, and provides insight for engineering teams to understand how they can better succeed.

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog.

Securing your Apple device front through unified endpoint management
Apple has always touted the security and privacy capabilities of their devices. Being responsible for both the hardware and the associated OS has allowed Apple to create a closed-end approach to shield users against some common attacks.

3 free Linux security training courses you can take right now
Learning how to effectively navigate and interact with Linux can be an important part of your learning journey in cybersecurity.

Take cybersecurity out to where employees and data are coming together
Many data breaches occur from within the business, whether explicitly by employees or by threats that have infiltrated the network.

What you need to know about Evil-Colon attacks
While novel attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface.

Mitigating the cybersecurity crisis for the school year ahead
As students head back into the classroom, K-12 district leaders are faced with the difficult task of preventing and mitigating cybersecurity threats against their districts.

High severity vulnerabilities found in Harbor open-source artifact registry
Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware.

The impact of location-based fraud
In this Help Net Security video, André Ferraz, CEO at Incognia, talks about the impact of location-based fraud, which is more prevalent than one would imagine, and it impacts different industries in many different ways.

The rise of attacks on critical infrastructure
In this Help Net Security video, Fleming Shi, CTO at Barracuda Networks, talks about the rise of attacks on critical infrastructure and how organizations are responding to them.

Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks
Anaconda released its annual 2022 State of Data Science report, revealing the widespread trends, opportunities, and perceived blockers facing the data science, machine learning (ML), and artificial intelligence (AI) industries.

Is $15.6 billion enough to protect critical infrastructure?
In this Help Net Security video, Jeffrey J. Engle, Chair and President of Conquest Cyber, talks about why the increase in spending is necessary and whether it is enough to protect critical infrastructure.

Agent-based vs. agentless security: Pros and cons
In this Help Net Security video, Mark Nunnikhoven, Distinguished Cloud Strategist at Lacework, discusses agent-based vs. agentless approaches in security.

What do SOC analysts need to be successful?
Gurucul announced the results of a Black Hat USA 2022 security professionals survey with respondents indicating that insider threats were the most difficult type of attack for SOC analysts to detect, and that behavioral analytics was the most common piece of technology they felt was missing and that they planned to add to the SOC in the near future.

The best ways to safeguard crypto assets
In this Help Net Security video, Nick Percoco, Chief Security Officer at Kraken, explains why it’s important for crypto holders to think about personal security as an ongoing, holistic process, and offers tips on how to safeguard crypto assets.

The explosion of data is beyond human ability to manage
Dynatrace announced the results of an independent global survey of 1,303 CIOs and senior cloud and IT operations managers in large organizations, showing that as the move toward cloud-native architectures accelerates, the data generated by such environments outstrips current solutions’ ability to produce meaningful analytics.

Email-based threats: A pain point for organizations
In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and more broadly, the threat that email-based threats and phishing pose to organizations.

How to keep public cloud data secure
In this Help Net Security video, Amit Shaked, CEO at Laminar, talks about public cloud data security blind spots, and provides tips for organizations to elevate their level of security.

4 key takeaways from “XDR is the perfect solution for SMEs” webinar
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand.

New infosec products of the week: September 23, 2022
Here’s a look at the most interesting products from the past week, featuring releases from 42Crunch, Cloudflare, Code42, Commvault, and Onfido.

More about

Don't miss