Week in review: Manage the risk of ChatGPT use, know the danger of failed Okta logins

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

These 15 European startups are set to take the cybersecurity world by storm
Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants.

Threat actors are experimenting with QR codes
Hackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP.

A common user mistake can lead to compromised Okta login credentials
Logged failed login attempts to a company’s Okta domain could be used by threat actors to discover the access credentials of valid accounts, Mitiga researchers have found.

Ferrari data breach: Client data exposed
Italian luxury sports car maker Ferrari has suffered a data breach and confirmed on Monday that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details,” but that it won’t be paying up.

Fake ChatGPT for Google extension hijacks Facebook accounts
A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found.

2022 witnessed a drop in exploited zero-days
Malicious threat actors have actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being most targeted.

Detecting face morphing: A simple guide to countering complex identity fraud
Facial morphing is a visual editing method of combining two (sometimes more) facial images to create a blended portrait. It’s often used for seamless realistic transformations between two faces in movies and computer games.

How to best allocate IT and cybersecurity budgets in 2023
As 48% of organizations rank ransomware and targeted threats as their number one concern for 2023, how can they allocate that increased cybersecurity budget effectively? In this Help Net Security video, Ian McShane, VP of Strategy at Arctic Wolf, explains.

CISA releases free tool for detecting malicious activity in Microsoft cloud environments
Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution at their disposal: Untitled Goose Tool.

How to protect online privacy in the age of pixel trackers
While pixel technology has been around for years, privacy regulations such as CCPA and GDPR have created new, much stricter rules, making the practice of data harvesting through a tracking pixel highly controversial.

Most mid-sized businesses lack cybersecurity experts, incident response plans
Mid-sized businesses are increasingly aware of the need for layered cybersecurity strategies. However, more tools don’t necessarily equal more protection.

The impact of AI on the future of ID verification
In this Help Net Security video, Liudas Kanapienis, CEO of Ondato, discusses the impact of AI on the future of ID verification and how it is transforming the way identities are being verified.

5 rules to make security user-friendly
Engineers and technologists commonly blame insecure user behavior on ignorance, on laziness, and on other human failings. The reality is that the user experience (UX) of user security is awful and not getting better.

IT security spending to reach nearly $300 billion by 2026
Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300 billion in 2026, driven by the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment, and the need to meet data privacy and governance requirements.

Why you should treat ChatGPT like any other vendor service
In this Help Net Security video, Meghan Maneval, Director of Technical Product Management, Reciprocity, discusses why companies considering the utilization of ChatGPT internally must ensure the tool and the provider undergo the same third-party risk management process as any other application.

Enhance security while lowering IT overhead in times of recession
Economic uncertainty in the face of non-stop threats, a severe talent shortage, and employees’ expectation of hybrid work as a job perk will stress IT spending throughout 2023.

How to combat hardware Trojans by detecting microchip manipulations
Not only do security vulnerabilities lurk within software, but they can also be embedded directly into hardware, leaving technical applications open to widespread attack.

Best practices to secure digital identities
With cybersecurity incidents involving compromised credentials continually the most common cause of a data breach for enterprises – and account takeover for individuals – securing digital identities has become paramount. In this Help Net Security video, Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA), tells us more.

A closer look at TSA’s new cybersecurity requirements for aviation
Just like any other critical infrastructure sector, the aviation industry is a prime target for cyberattacks due to the critical nature of its operations and the potential for significant financial and reputational damage.

Cyber threats to EU transport sector sends urgent call for enhanced cybersecurity
Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each sub-sector, thereby providing new insights.

Why organizations shouldn’t fold to cybercriminal requests
In this Help Net Security video, Gerasim Hovhannisyan, CEO at EasyDMARC, discusses how domain authentication tools such as DKIM, SPF, and DMARC can help mitigate risk and limit the number of phishing attacks, identifying fraudulent messages before they even hit the receiver’s inbox and making organizations a less attractive target.

Top ways attackers are targeting your endpoints
Every endpoint hardened against exploitation of vulnerabilities is a stumbling block for a threat actor trying to propagate malware in a corporate IT environment.

New infosec products of the week: March 24, 2023
Here’s a look at the most interesting products from the past week, featuring releases from ForgeRock, Vectra, Verosint, Vumetric, and Waterfall Security Solutions.
