Week in review: 5 Kali Linux tools, Spotify’s Backstage vulnerability, Cybertech NYC 2022

The week in security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

As trust in online spaces degrades, Canada bolsters resilience against cyber attacks
In this Help Net Security interview, Sami Khoury, Head of the Canadian Centre for Cyber Security, talks about how Canada is addressing today’s top threats, touches upon his long career and offers tips for those new to the industry.

Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files.

SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achieve.

Electronics repair technicians snoop on your data
When your computer or smartphone needs repairing, can you trust repair technicians not to access or steal your personal data? According to the results of recent research by scientists at the University of Guelph, Canada, you shouldn’t.

Moving your Microsoft environment to zero trust
As organizations move Microsoft environments towards zero trust, it’s vital to ensure that all the pieces fit together perfectly.

5 Kali Linux tools you should learn how to use
Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing.

Key cybersecurity trends in the energy sector
In this Help Net Security video, Tony Burton, Managing Director – Cyber Security & Trust at Thales UK, discusses key cybersecurity trends in the energy sector.

Unwanted emails steadily creeping into inboxes
Research from Hornetsecurity has revealed that 40.5% of work emails are unwanted.

5 use cases with a malware sandbox
Malware attacks are commonplace today, executing within minutes and causing damage for weeks or months. Rapid detection and swift, effective incident response are essential in this situation.

The psychological fallout of a ransomware crisis
In this Help Net Security video, Inge van der Beijl, Director Behaviour & Resilience at Northwave, talks about the research findings and illustrates how the psychological impact of ransomware attacks can persist among people in affected organizations for a very long time.

Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments.

Rallying cybersecurity and healthcare IT to support patient safety
The expansion of cyber-physical systems in healthcare, particularly the IP “heartbeats” dispersed across hospital networks, has stretched cybersecurity beyond its IT legacy of monitoring for downed email and site uptimes at a clinic.

Stop audience hijacking and defend against redirection to malicious websites
In this Help Net Security video, Patrick Sullivan, CTO of Security Strategy at Akamai, talks about the threat of audience hijacking and offers protection tips.

Top enterprise email threats and how to counter them
Research from Tessian, the State of Email Security Report, found that enterprise email is now the No. 1 threat vector for cyberattacks.

Why companies can no longer hide keys under the doormat
For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies are effectively hiding the keys that could undermine all these protections under a (figurative) doormat.

Creating a holistic ransomware strategy
In this Help Net Security video, Christopher Rogers, Technology Evangelist at Zerto, illustrates how ransomware can be combated with proper recovery strategies.

Cloud data protection trends you need to be aware of
Veeam Software released the findings of the company’s Cloud Protection Trends Report 2023, covering four key “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS).

Breaking down data encryption techniques aimed at improving data privacy
In this Help Net Security video, Dana Morris, SVP Product and Engineering at Virtru, talks about privacy-preserving cryptography.

How to improve secure coding education
In this Help Net Security video, Jason Hong, Professor at Carnegie Mellon University, discusses the steps both industry and academia can take to improve application security knowledge and secure coding education.

Robotic Process Automation (RPA) adoption hindered by security concerns
In this Help Net Security video, David Higgins, Senior Director at CyberArk’s Field Technology Office, explains how Robotic Process Automation and bots are an immense threat.

Top security priorities for 2023
In this Help Net Security video, Rodman Ramezanian, Cloud Threat Lead at Skyhigh Security, talks about what we can expect in 2023 security-wise.

Cybersecurity implications of using public cloud platforms
In this Help Net Security video, Andrew Slater, Practice Director – Cloud at Node4, talks about how organizations have encountered challenges in getting the final 20-30% of their production workloads into public cloud environments and addresses the cybersecurity implications.

The challenges of tracking APT attacks
In this Help Net Security video, Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, talks about the complexities of APT attack determination.

CIS SecureSuite Membership: Leverage proven best practices to improve cybersecurity
CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to implement the CIS Critical Security Controls (CIS Controls) and CIS Benchmarks.

Cybertech NYC 2022 video walkthrough
Help Net Security is in New York City this week for Cybertech NYC 2022 at the Javits Center.

Photos: Cybertech NYC 2022
Help Net Security is in New York City at the Javits Center this week for Cybertech NYC 2022. Here’s a closer look at this event, which focuses on innovation and the future of cyber.

Product showcase: ESET’s newest consumer offerings
ESET’s newest consumer product release takes a comprehensive approach to security to guard against a full range of threats.

New infosec products of the week: November 18, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Bearer, Clumio, Cohesity, ForgeRock, Keyo, LOKKER, and SecureAuth.
