Week in review: Rackspace outage, Kali Linux 2022.4 released, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Rackspace Hosted Exchange outage was caused by ransomware
Rackspace has finally confirmed the cause of the security incident that resulted in an ongoing outage of its Hosted Exchange service: it’s ransomware.
Google Chrome zero-day exploited in the wild (CVE-2022-4262)
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild.
December 2022 Patch Tuesday forecast: Fine-tuning the connectivity
Microsoft wrapped up a lot of ‘loose ends’ last month with their November set of updates, but there is still some work to do before the end-of-year holiday season.
Attackers take over expired domain to deliver web skimming scripts
Attackers have taken over at least one expired domain that used to host a popular JavaScript library and used it to deliver web skimming scripts to a number of e-commerce sites.
Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools
Offensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform.
Research reveals where 95% of open source vulnerabilities lie
New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice.
Apple unveils end-to-end encryption for iCloud backup, Photos, etc.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup.
Engage your employees with better cybersecurity training
Organizations need to take a multidimensional approach to cybersecurity because biannual training videos aren’t enough to engage employees or protect your business.
Top 10 free MITRE ATT&CK tools and resources
MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK is open and available to any person or organization for use at no charge.
The evolution of DevSecOps
In this Help Net Security video, Mark Troester, VP of Strategy, Progress, uncovers the true state of DevOps and DevSecOps adoption.
What’s the Matter with digital trust in smart home devices?
Only a decade ago it may have been hard to imagine how digital and connected many of our home features would become.
How companies time data leak disclosures
Every year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies.
Dark web recruiting techniques: Malware, phishing, and carding
In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem.
How to get cloud migration right
If you want to get cloud migration right, you must deal with an inconvenient truth: Cloud or hybrid cloud environments lower the drawbridge between your data center and the internet, and that creates opportunity as well as security risk.
68% of IT leaders are worried about API sprawl
Axway announced new data from its inaugural 2022 Open Everything Strategy Survey Report, which found that nearly 40% of organizations are in the process of adopting a new hybrid approach for their IT infrastructure.
Deal with sophisticated bot attacks: Learn, adapt, improve
In this Help Net Security video, Cyril Noel-Tagoe, Principal Security Researcher at Netacea, speaks about the dangers bots pose and what companies can do to defend themselves.
Data protection and security in 2023
Change is the only constant. How we think about data protection, rules and regulations, and the changing of organizational structure is evolving.
Connected medical devices are the Achilles’ heel of healthcare orgs
The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey of healthcare IT professionals.
How IoT is changing the threat landscape for businesses
In this Help Net Security video, Paul Keely, Chief Cloud Officer at Open Systems, talks about how organizations that employ IoT technology have improved their business efficiency.
Why automation is critical for scaling security and compliance
As companies are modernizing their tech stacks, many are unwittingly putting their business and customers at risk.
Economic uncertainty will greatly impact the spread of cybercrime
Norton released its top cyber trends to watch in 2023, emphasizing that the economy will have the greatest impact on the spread of cybercrime next year.
Insights into insider threats: Detecting and monitoring abnormal user activity
In this Help Net Security video, Andrew Hollister, CISO at LogRhythm, discusses how organizations focus their threat detection and prevention strategies on external actors. Still, internal threats can cause just as much harm.
Open-source tool for security engineers helps automate access reviews
ConductorOne open-sourced their identity connectors in a project called Baton, available on GitHub.
New infosec products of the week: December 9, 2022
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Arkose Labs, Kudelski Security, Lepide, OPSWAT, Palo Alto Networks, and Thales.