Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Cl0p announces rules for extortion negotiation after MOVEit hack
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their name on their dedicated leak page.
0mega ransomware gang changes tactics
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among them.
June 2023 Patch Tuesday forecast: Don’t forget about Apple
The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday.
20 cybersecurity projects on GitHub you should check out
Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices.
AI: Interpreting regulation and implementing good practice
Businesses have been using artificial intelligence for years, and while machine learning (ML) models have often been taken from open-source repositories and built into business-specific systems, model provenance and assurance have not always been documented or built into company policy.
Exploited zero-day patched in Chrome (CVE-2023-3079)
Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers.
How to make developers love security
Stories of the tension between developers and security teams are a longstanding feature of the software industry, stemming from the friction that security is often perceived to create.
How fraudsters undermine text passcodes
In this Help Net Security video, Lee Suker, Head of Authentication and Number Information at Sinch, talks about how moving away from passwords and SMS OTP is much more about human factors than technology factors.
Zoom announces privacy enhancements and tools
Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences.
Leveraging large language models (LLMs) for corporate security and privacy
In the corporate world, LLMs can be invaluable assets. They are being applied in customer service, internal communication, data analysis, predictive modeling and much more, and they are changing how we collectively do business.
Generative AI’s influence on data governance and compliance
In this Help Net Security video, Michael Rinehart, VP of Artificial Intelligence at Securiti.ai, discusses a dark side to generative AI that isn’t talked about enough.
Google extends passkeys to Google Workspace accounts
After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts.
Surveilling your employees? You could be putting your company at risk of attack
Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think.
Embracing realistic simulations in cybersecurity training programs
In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020.
9 free cybersecurity whitepapers you should read
This list of free cybersecurity whitepapers that don’t require registration covers a wide range of common cyber risks (ransomware, DDoS attacks, social network account hijacking).
Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element
Verizon Business released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches.
The evolution of DDoS attacks in 2023
In this Help Net Security video, Mattias Fridström, Chief Evangelist at Arelion, talks about the DDoS threat landscape during 2023.
Replace Barracuda ESG appliances, company urges
Barracuda Networks is urging customers running physical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.”
A new wave of sophisticated digital fraud hits Europe
Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub.
Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition
In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition.
High-risk vulnerabilities patched in ABB Aspect building management system
Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB.
CISOs focus more on business strategy than threat research
CISOs and ITDMs (IT security decision-makers) continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire.
Current SaaS security strategies don’t go far enough
Many recent breaches and data leaks have been tied back to SaaS apps, according to Adaptive Shield.
Public sector apps show higher rates of security flaws
Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode.
Katie Boswell on AI security and women’s rise in cybersecurity
Today’s AI revolution keeps generating new ideas for commercial and personal use. However, integrating these new models into new industries also introduces considerable risk to the systems that come to depend on them.
New infosec products of the week: June 9, 2023
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Datadog, Enveedo, Lacework, and NinjaOne.