Week in review: High-severity OpenSSL vulnerabilities fixed, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

ConnectWise backup solutions open to RCE, patch ASAP!
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code execution (RCE) or access confidential data.

Instagram account suspension wave hits users
Many Instagram users were faced with an alarming message when they tried to use the service. By following the #instagramdown hashtag on Twitter – where many affected users have flocked to complain to Instagram and see if others were affected – one can see that this “outage” hit users around the world.

High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution.

130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information.

Attackers leverage Microsoft Dynamics 365 to phish users
Attackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users’ inboxes, Avanan researchers are warning.

November 2022 Patch Tuesday forecast: Wrapping up loose ends?
October 2022 Patch Tuesday was a little unusual, as it ‘kind of’ repeated itself the following week. Microsoft turned around and released a series of non-security updates that fixed some discovered connection issues – forcing many to conduct another unplanned patch cycle.

How to fortify elections and electoral campaigns against human hacking
In this interview for Help Net Security, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, talks about election cybersecurity and how to keep elections and electoral campaigns safe.

Meet fundamental cybersecurity needs before aiming for more
In this interview for Help Net Security, Mike Lefebvre, Director of Cybersecurity at SEI, talks about the hierarchy of cybersecurity needs and what should be done to meet them properly.

IoT cybersecurity is slowly gaining mainstream attention
In this interview for Help Net Security, Jason Oberg, CTO at Cycuity, talks about the cybersecurity of IoT devices, from production to usage, and how far we have come in securing them.

Will cyber saber-rattling drive us to destruction?
As cyberattacks have grown increasingly destructive, nations are entertaining the idea of responding to them with conventional military forces.

Cyberattacks in healthcare sector more likely to carry financial consequences
Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals.

Scams targeting cryptocurrency enthusiasts are getting more prevalent
In this Help Net Security video, Tim Callan, Chief Compliance Officer at Sectigo, talks about the evolution of phishing scams and how cybercriminals are now innovating in order to access cryptocurrency wallets.

You can up software supply chain security by implementing these measures
The COVID-19 pandemic has been a driving force in digital acceleration, and it continues to wield its influence in how organizations and their staff embrace work.

32% of cybersecurity leaders considering quitting their jobs
32% of CISOs or IT security decision makers in the UK and US are considering leaving their current organization, according to research from BlackFog.

Most missed area of zero trust: Unmanageable applications
In this Help Net Security video, Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy. This video zeroes in on one of the most important yet often missed areas of zero trust: unmanageable applications, which leading analysts say contribute to a third of all security breaches.

Following Log4j: Supporting the developer community to secure IT
How bad was the Log4j vulnerability for open source’s reputation? One of the most high-profile exploits in recent years, it even led to a government advisory from the UK’s National Cyber Security Center being issued after Iranian state hackers took advantage of it.

How to deal with burnout when you’re the CISO
In this Help Net Security video, Josh Yavor, CISO at Tessian, offers a personal perspective on dealing with burnout as a CISO.

Alternatives to a lift-and-shift cloud migration strategy
Cloud environments offer greater agility and availability, simple and elastic scalability, and innovation that continues to accelerate digital transformation.

Open-source software fosters innovation, but only with the right controls in place
In this Help Net Security video, Michael Cote, Senior Member of Technical Staff at VMware, talks about recent VMware research, which reveals that security concerns across the open-source software supply chain are increasing.

Cybersecurity recovery is a process that starts long before a cyberattack occurs
While most organizations have insurance in case of cyberattacks, the premium they pay depends on how the business identifies, detects and responds to these attacks – and on how quickly they recover.

Top 4 priorities for cloud data protection
In this Help Net Security video, Dimitri Sirota, CEO at BigID, discusses how companies are unprepared to deal with the unique challenges of securing data in the cloud.

The biggest threat to America’s election system? Ourselves
With midterm elections right around the corner, many Americans are questioning whether they can trust the election process. To be honest, this is fair, given the highly publicized stories of foreign election interference over the last few years.

The most frequently reported vulnerability types and severities
In this Help Net Security video, Carlos Yanez, Security Consultant at Bishop Fox, talks about the most frequently reported vulnerability types and severities.

Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers
Smartphones are our main connection to our digital endpoints – social media, email, apps, SMS, etc. – and the sophistication of today’s phishing criminals means that even the most switched on and savvy users can fall prey to attacks.

Privacy, compliance challenges businesses face after Roe v. Wade repeal
In this Help Net Security video, Rebecca Herold, IEEE member and CEO of Privacy & Security Brainiacs, discusses data, privacy, surveillance, and compliance challenges facing businesses in the wake of the US Supreme Court’s repeal of the Roe v. Wade decision.

IDC Analyst Brief reveals how passwords aren’t going away
Passwords are the keys to the kingdom. Hardening the password security layer requires a multistep approach. This IDC Analyst Brief reveals how passwords aren’t going away and what can be done to improve their creation.

Whitepaper: Shared responsibility model for cloud security
With high chances of user error, limited security resources, and constantly evolving computing environments, commercial and public organizations need cybersecurity resources to help protect their data and workloads in the cloud.

Infosec products of the month: October 2022
Here’s a look at the most interesting products from the past month, featuring releases from: ABBYY, ARMO, Array, AuditBoard, AwareGO, Code42, Corelight, Digi International, EnigmaSoft, Exabeam, HashiCorp, Illusive, Kasten by Veeam, Legit Security, LiveAction, LogRhythm, Mandiant, Pentest People, Portnox, Prove, RSA, SkyKick, Socure, Stytch, Thales, and Verica.

New infosec products of the week: November 4, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, Forescout, Mitek, NAVEX, OneSpan, Persona, Qualys, Tanium, and Tresorit.
