Last week was full of interesting news, articles, interviews, and videos in the cybersecurity world. Help Net Security covered a wide range of topics, including the importance of security awareness in healthcare, the development of 6G networks, and critical patches for Microsoft products. Let’s take a closer look at some of these stories.
In an interview with Help Net Security, Ken Briggs, General Counsel at Salucro, emphasized the significance of fostering a culture of security awareness in healthcare organizations. With the increasing number of cyberattacks targeting the healthcare sector, it has become essential for leaders to prioritize security and educate their employees about the potential risks and best practices to mitigate them.
Shamik Mishra, Capgemini’s CTO of Connectivity, discussed the future of 6G networks in another interview. He delved into the emerging themes and technologies shaping 6G, highlighting its performance metrics compared to 5G and the role of advanced AI algorithms. Mishra also touched upon the geopolitical race for 6G leadership, emphasizing the importance of countries investing in the development of this advanced network technology.
Fortinet’s recent patch release for CVE-2023-27997, a remote code execution flaw in Fortigate firewalls, was another significant news item. The company had released several versions of FortiOS without mentioning the fix for this critical vulnerability. Users were urged to update their Fortigate firewalls as soon as possible to protect their systems from potential exploitation.
June’s Patch Tuesday from Microsoft brought 70 new patches, but the good news was that none of the fixed vulnerabilities were currently being exploited or publicly known. This provided a brief respite from the constant threat of cyberattacks targeting Microsoft Windows, SharePoint, and Exchange. Organizations were advised to prioritize these critical patches to ensure the security of their systems.
The Cl0p gang’s MOVEit rampage continued to make headlines, with security researchers releasing a proof-of-concept exploit for CVE-2023-34362, the remote code execution vulnerability exploited by the cyber extortion group. As more victim organizations surfaced, it became increasingly important for entities to patch their systems and enhance their security measures to prevent further data breaches.
VMware addressed critical flaws in Aria Operations for Networks (formerly vRealize Network Insight), its enterprise network monitoring tool. The company released fixes for two critical vulnerabilities (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889). This reinforced the importance of regular updates and patches to maintain a secure network infrastructure.
The Swiss government faced cyberattacks, including distributed denial-of-service (DDoS) attacks and ransomware incidents. The frequency of such attacks on Swiss government organizations, cantonal governments, cities, and companies had increased over the past few months. This highlighted the need for robust cybersecurity measures to protect critical government infrastructure.
Cyber extortion attacks were reported to be at an all-time high, posing a significant threat to organizations of all sizes and industries. Orange Cyberdefense emphasized the importance of proactive defense strategies and comprehensive security measures to mitigate the risks associated with these attacks.
The increasing success of business email compromise (BEC) attacks was confirmed by the 2023 Verizon Data Breach Investigations Report and the FBI’s Internet Crime Complaint Center. BEC scammers were found to be ramping up their social engineering efforts to exploit vulnerabilities and gain unauthorized access to personal and financial information.
Data privacy violations were explored in a video interview with Kris Lahiri, CSO at Egnyte. He highlighted the long-term consequences of these violations, including loss of trust, brand damage, and potential legal consequences. Organizations were encouraged to prioritize data privacy and implement robust security measures to prevent unauthorized access and data breaches.
The automotive industry’s adoption of digital key technology was examined in an article. This technology streamlines access approval for everyday access points, providing a secure and convenient solution for vehicle owners. As vehicles become increasingly connected and reliant on digital systems, ensuring the security of these technologies is paramount.
Denis Mandich, CTO at Qrypt, discussed the threat of quantum computing to national security in a video interview. He highlighted the potential for quantum computers to break cryptographic algorithms, raising concerns about data privacy and national defense. Governments and organizations were urged to invest in research and development to prepare for the quantum computing era.
Trend Micro emphasized the importance of incorporating cloud security teams into security operations centers (SOCs) to enhance operational efficiencies. As organizations increasingly rely on cloud services and infrastructure, the role of cloud security teams becomes critical in ensuring the security and integrity of cloud environments.
Multi-factor authentication (MFA) has been widely adopted to provide an additional layer of security for online accounts. An article explored ways to go beyond MFA by implementing three steps to improve security and reduce customer authentication friction. These steps included leveraging behavioral biometrics, contextual information, and continuous authentication to enhance security measures.
NetSPI showcased its Breach and Attack Simulation (BAS) platform, which allows organizations to continuously simulate real-world attack behaviors and test their detective controls. This platform provides a comprehensive solution for improving an organization’s security posture and identifying vulnerabilities before attackers can exploit them.
The Identity Defined Security Alliance (IDSA) revealed that a lack of adequate investments hinders identity security efforts. 90% of organizations reported identity-related incidents over the past year, emphasizing the need for improved identity management and security measures to protect against identity theft and unauthorized access.
Cyber resilience emerged as a leading strategic priority, with enterprises actively pursuing programs to strengthen their ability to mitigate attacks. Organizations recognized the need for comprehensive strategies that encompass prevention, detection, response, and recovery to ensure business continuity in the face of evolving cyber threats.
Eoin Hinchy, CEO of Tines, discussed how organizations can enhance the capabilities of their security teams during an economic downturn in a video interview. He emphasized the importance of automation and intelligent workflows in maximizing the potential of security teams and increasing operational efficiency.
Island, an enterprise-focused browser company, invited visitors to Infosecurity Europe 2023 to learn more about the benefits of complete control over the browsing experience. The company highlighted the potential for improved security and productivity when the enterprise has full control over the browser used by employees.
Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, explored the strategies employed by cybercriminals when targeting energy companies in a video interview. These specialized strategies posed unique challenges and underscored the need for robust security measures to protect critical infrastructure in the energy sector.
Thomas Roccia, Senior Security Researcher, introduced his new book, Visual Threat Intelligence, in a video interview. The book provides insights into the visual analysis of threat intelligence and its applications in the cybersecurity field. It offers valuable knowledge and techniques for security professionals seeking to enhance their threat intelligence capabilities.
The Center for Internet Security (CIS) focused on making the CIS Controls more automation-friendly to streamline compliance efforts. This initiative aimed to assist organizations in efficiently implementing and managing security controls to protect their systems and data from cyber threats.
Lastly, Help Net Security highlighted the most interesting infosec products of the week, including releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. These products offered innovative solutions to address various cybersecurity challenges and improve organizations’ security posture.
Overall, last week’s news, articles, interviews, and videos provided valuable insights into the current trends, challenges, and advancements in the cybersecurity landscape. From healthcare security awareness to emerging technologies like 6G networks, organizations were offered a deep dive into critical topics and practical solutions to enhance their security measures.