Last week’s cybersecurity news was filled with significant developments and insights into the ever-evolving digital landscape. Here are some of the most noteworthy stories from the past week:
In an interview with Help Net Security, Ryan Woodley, CEO of Netcraft, highlighted the importance of monitoring, collecting, and analyzing internet data. Woodley emphasized that these activities offer a profound understanding of the internet and enable the identification of potential threats and vulnerabilities.
Dennis Fridrich, VP of Cybersecurity at TRIMEDX, discussed the hidden costs of cyberattacks on health systems in another Help Net Security interview. He also explored the role of insurers in promoting cybersecurity preparedness and offered advice on effective cyber risk management for organizations in the healthcare industry.
Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, addressed the persistent threat of cyberattacks on healthcare institutions. Harris stressed the long-term impacts of these attacks and provided insights into the measures healthcare providers can take to protect patients’ personal data and medical devices.
Researchers from MDSec discovered an authentication bypass vulnerability in the Arcserve Unified Data Protection (UDP) enterprise data protection solution. This vulnerability, designated as CVE-2023-26258, can potentially compromise admin accounts and allow attackers to take control of vulnerable instances. The researchers also released a Proof of Concept (PoC) exploit for this flaw.
The NCC Group’s Threat Pulse report highlighted the activities of different ransomware groups, emphasizing the prominence of Lockbit 3.0. The report also mentioned emerging groups like 8Base and Akira, which are gaining traction in the ransomware landscape.
The compromise of PBI Research and The Berwyn Group’s MOVEit installation resulted in the theft of data belonging to pension systems and insurance companies. This incident affected millions of users and underscored the importance of robust security measures for sensitive information.
For individuals interested in enhancing their cybersecurity skills, Help Net Security recommended five free online courses: Cryptography, Networks and Communications Security, Security Awareness Training, Security Operations and Administration, and Systems and Application Security. These courses cover various aspects of cybersecurity and provide valuable knowledge for professionals in the field.
In a video interview, Aaron Turner, IANS Faculty and SaaS CTO at Vectra AI, explored the importance of hardening Microsoft 365 tenants. He discussed how this approach can reduce the risk of cloud attacks, emphasizing the need for proactive security measures in cloud environments.
Abnormal Security’s findings revealed that European organizations experienced a higher volume and frequency of Business Email Compromise (BEC) attacks compared to their counterparts in the United States. BEC attacks pose significant threats to organizations’ financial security and underscore the need for robust email security solutions.
NetSPI’s Attack Surface Management (ASM) platform, designed to improve visibility and inventory of assets and exposures, was featured in a demo video. The platform provides organizations with comprehensive insights into their global attack surface, enabling better threat intelligence and risk management.
Permiso conducted a survey that explored organizations’ attitudes towards cloud security. While respondents acknowledged engaging in risky practices within their cloud environments, they expressed confidence in the effectiveness of their security tools and processes to safeguard their organizations against potential attacks.
In another video interview, Fawaz Rasheed, Field CISO at VMware, discussed the empowerment that cyber insurance brings to Chief Information Security Officers (CISOs). He highlighted the importance of cyber insurance as part of an organization’s holistic cybersecurity strategy.
Orca Security’s research shed light on the urgent need for comprehensive cloud security measures. Attackers can find exposed “secrets” within minutes and exploit them rapidly, emphasizing the importance of robust security practices in cloud environments.
Shane Shook, Venture Partner at Forgepoint Capital, shared insights into the competencies that data companies need to surpass their competition. He emphasized that cutting-edge technology alone is not sufficient, and organizations must cultivate the right combination of skills and strategies to stand out in the market.
Nexusguard’s report revealed a significant increase in the number of Distributed Denial of Service (DDoS) attacks worldwide in 2022. The growing threat of DDoS attacks highlights the vulnerability of digital infrastructure and the need for strong defenses against such cyber threats.
In a video interview, Mitja Kolsek, CEO at Acros Security, explained the concept of micropatches as a solution to critical security problems. Micropatches provide temporary fixes for vulnerabilities while organizations wait for official updates, reducing the risk of exploitation.
Rezilion’s research underscored the security risks associated with popular generative AI projects. Many open-source projects utilizing insecure generative AI techniques have poor security postures, posing a substantial risk to organizations. This highlights the critical need for robust security measures in the AI space.
A guide on Attack Surface Management (ASM) was also featured, emphasizing its complementarity to penetration testing. ASM offers an always-on approach to identifying and prioritizing attack surface exposures, empowering organizations to strengthen their security posture.
Finally, Help Net Security highlighted several new infosec products released the previous week. These products, from companies like Cequence Security, Delinea, Index Engines, and NetApp, showcased the continuous innovation in the cybersecurity industry.
In conclusion, last week’s cybersecurity news covered a wide range of topics, from interviews with industry experts to insights into emerging threats and security solutions. These developments serve as critical reminders of the evolving cybersecurity landscape and the importance of proactive measures in safeguarding digital assets and infrastructure.