Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers

The week in security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Google Protected Computing: Ensuring privacy and safety of data regardless of location
In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general.

Users looking for ChatGPT apps get malware instead
The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cyber criminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visit phishing pages.

Defenders on high alert as backdoor attacks become more common
Although ransomware‘s share of incidents declined only slightly from 2021 to 2022, defenders were more successful detecting and preventing ransomware, according to IBM.

Cybersecurity layoffs in 2023: What to expect?
The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired.

VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints.

PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)
Horizon3.ai’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution.

What can we learn from the latest Coinbase cyberattack?
Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year.

Twitter will start charging users for SMS-based 2FA option
Twitter has announced that starting with March 20, users who don’t pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option.

Four steps SMBs can take to close SaaS security gaps
Despite economic volatility and tighter budgets, adoption of software as a service (SaaS) continues to increase.

Cybersecurity takes a leap forward with AI tools and techniques
Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks.

ChatGPT is bringing advancements and challenges for cybersecurity
As with any new technology, ChatGPT can be used for both good and bad – and this has major implications for the world of cybersecurity.

Researchers find hidden vulnerabilities in hundreds of Docker containers
Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.

Why people-driven remediation is the key to strong API security
In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how pursuing the latest and greatest security tools can distract developer teams from where attention to detail is still needed: people-driven remediation.

Healthcare data breaches still higher than pre-pandemic levels
The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to Critical Insight.

The top security threats to GraphQL APIs and how to address them
Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL.

How advancing cyber education can help fill workforce gaps
In this Help Net Security video, José-Marie Griffiths, President of Dakota State University, discusses how this shortage is not just a mere inconvenience but a major threat compromising the safety and security of companies and putting the sensitive information of their clients and customers at risk.

Complexity, volume of cyber attacks lead to burnout in security teams
The rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk, according to Magnet Forensics.

Are your IoT devices at risk? Cybersecurity concerns for 2023
In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023.

Most vulnerabilities associated with ransomware are old
Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year.

Insider threats must be top-of-mind for organizations facing layoffs
In this Help Net Security video, Nick Tausek, Lead Security Automation Architect at Swimlane, talks about how with the stress, anxiety, frustration, and unknown of what lies ahead for these suddenly unemployed workers, organizations need to prepare themselves for insider threats.

Resecurity warns about cyber-attacks on data center service providers
Resecurity warns about the increase of malicious cyber activity targeting data center service providers globally.

What to expect at BSidesNYC 2023
In this Help Net Security video interview, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event.

New infosec products of the week: February 24, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CyberGRX, Lacework, Malwarebytes, Netography, Nudge Security, and Xcitium.

More about

Don't miss