Week in review: Kali Linux gets Purple, Microsoft zero-days get patched

The week in security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Samsung, Vivo, Google phones open to remote compromise without user interaction
Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user interaction.

Top 50 most impersonated brands by phishing URLs
Finance, technology, and telecom were the most commonly impersonated industries, notably because of the access and financial benefit that bank accounts, email and social media accounts, and phone accounts can give attackers, according to Cloudflare.

Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 76 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors.

How ChatGPT is changing the cybersecurity game
The cybersecurity industry can leverage GPT-3's potential as a co-pilot to help defeat attackers, according to Sophos.

CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs
Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement a fix.

Kali Linux 2023.1 released – and so is Kali Purple!
OffSec has released Kali Linux 2023.1, the latest version of its popular penetration testing and digital forensics platform, and the release is accompanied by a big surprise: a technical preview of Kali Purple, a “one stop shop for blue and purple teams.” The company has also updated its Penetration Testing with Kali Linux (PEN-200) course to incorporate the latest ethical hacking tools and techniques.

Security in the cloud with more automation
Are you looking for more automation to apply CIS best practices to your workloads in AWS?

Fighting financial fraud through fusion centers
Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction.

SVB account holders targeted with phishing, scams
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.

So, you want to deploy air-gapped Kubernetes, huh?
One of the reasons Kubernetes deployments in such environments so often struggle or outright fail is that many organizations don’t plan in advance what the architecture should look like.

Virtual patching: Cut time to patch from 250 days to <1 day
Timely patching is an important aspect of managing vulnerabilities but is not always achievable in every circumstance.

The rise of AI threats: Is your business prepared to face ChatGPT?
In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses how ChatGPT can strengthen business defenses.

The SVB demise is a fraudster’s paradise, so take precautions
For those who haven’t followed the drama, Silicon Valley Bank has been shut down by the California Department of Financial Protection and Innovation, after a bank run that followed an insolvency risk and a stock crash.

New algorithm may change the future of secure communication
Researchers report a significant breakthrough in secure communication: an algorithm that conceals sensitive information so effectively that, they say, it is impossible to detect that anything is hidden.

Best practices for securing the software application supply chain
In this Help Net Security video, Uri Dorot, Sr. Security Solutions Lead at Radware, discusses how without proper client-side protection, organizations are flying blind.

We can’t wait for SBOMs to be demanded by regulation
An SBOM is a list of all the open source and third-party components present in a piece of software, and more than that: it records the version number, the license, and the patch status of each component.
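To show what that per-component data is actually used for, here is an added example written for this page (not code from the article or from any SBOM vendor): it reads a small CycloneDX-style SBOM and a table of advisories, both constructed inline, and flags components whose version is below the fixed version or whose license falls outside an allow-list. The component names, versions and advisories are hypothetical; the JSON layout follows the CycloneDX 1.4 field names (`components[].name`, `version`, `licenses[].license.id`), and versions are assumed to be dotted numeric strings.

```python
"""Added example: minimal SBOM audit over constructed CycloneDX-style data."""
import json

# Constructed sample SBOM (hypothetical components) in CycloneDX JSON layout.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "libbar", "version": "2.0.5",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "libbaz", "version": "0.9.1",
         "licenses": []},
    ],
})

# Constructed, hypothetical advisories: the first version that carries the fix.
# In practice this would come from a feed such as OSV or NVD.
ADVISORIES = {
    "libfoo": {"fixed": "1.2.2"},
    "libbaz": {"fixed": "0.9.2"},
}

LICENSE_ALLOWLIST = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def parse_version(v):
    """Turn '1.2.10' into (1, 2, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in v.split("."))


def component_licenses(comp):
    """Collect declared license ids (or SPDX expressions) for a component."""
    ids = []
    for entry in comp.get("licenses", []):
        lic = entry.get("license", {}).get("id") or entry.get("expression")
        if lic:
            ids.append(lic)
    return ids


def audit_sbom(sbom_json, advisories, allowlist):
    """Return a list of findings; an empty list means the SBOM passed."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        name, version = comp["name"], comp["version"]
        adv = advisories.get(name)
        # Patch status: vulnerable if the shipped version predates the fix.
        if adv and parse_version(version) < parse_version(adv["fixed"]):
            findings.append(f"{name} {version}: vulnerable, fixed in {adv['fixed']}")
        # License status: every declared license must be on the allow-list.
        ids = component_licenses(comp)
        if not ids:
            findings.append(f"{name} {version}: no license declared")
        elif not set(ids) <= allowlist:
            findings.append(f"{name} {version}: license {ids} not in allow-list")
    return findings


if __name__ == "__main__":
    for finding in audit_sbom(SBOM_JSON, ADVISORIES, LICENSE_ALLOWLIST):
        print(finding)
```

The numeric version comparison matters: a string comparison would rank 1.2.9 above 1.2.10 and silently report a vulnerable build as patched.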

TSA issues additional cybersecurity rules for the aviation sector
The Transportation Security Administration (TSA) issued a new cybersecurity amendment to the security programs of certain TSA-regulated (airport and aircraft) operators in the aviation sector, following similar measures announced in October 2022 for passenger and freight railroad carriers.

How two-step phishing attacks evade detection and what you can do about it
In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not only dangerous but also evasive, making them even more challenging to detect and avoid.

Understanding password behavior key to developing stronger cybersecurity protocols
Passwords are still the weakest link in an organization’s network, as shown by the analysis of over 800 million breached passwords, according to Specops Software.

Cyber attribution: Vigilance or distraction?
Cyber attribution is the process by which security analysts collect evidence and build timelines in the wake of a cyberattack to identify the organization or individuals responsible.

Exfiltration malware takes center stage in cybersecurity concerns
While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud.

How healthcare CISOs can automate cloud security controls
When infrastructure is treated as code, native and third-party cloud management platforms let users templatize security configuration for infrastructure and store those templates for reuse every time a new environment needs to be stood up.

Data loss prevention company hacked by Tick cyberespionage group
ESET researchers have uncovered a compromise of an East Asian data loss prevention (DLP) company.

Organizations need to re-examine their approach to BEC protection
BEC attacks are growing year over year and are projected to be twice as high as the threat of phishing in general, according to IRONSCALES and Osterman Research.

How Mirel Sehic relies on simplicity to focus on product security
If you are developing a modern medical, manufacturing, or logistics facility, there’s no doubt that a large portion of your investment has gone into the electronic aspects of your device.

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice
Watch this panel discussion to hear from MSSP leaders who already sell vCISO services as they discuss why they have expanded into offering vCISO services and share expert tips and recommendations.

Product showcase: Permit.io – Application-level permissions with a no-code UI
Managing user access in applications has always been a headache for any developer. Implementing policies and enforcing them can prove to be quite complex, and very time-consuming.

New infosec products of the week: March 17, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Elevate Security, Hornetsecurity, HYPR, and ReversingLabs.
