Week in Review: Disrupted Cyclops Blink Botnet, Risky Public Software Applications, Patch Tuesday Predictions
Here’s a look at some of the most interesting news, articles and interviews from the past week:
April 2022 Patch Tuesday Forecast: Spring is in the Air (and Vulnerable)
The March Patch Tuesday releases followed February’s footsteps with a low number of CVEs reported and resolved, and all updates deemed important except for a critical update for Microsoft Exchange Server.
Exploiting Log4Shell: which applications could be targeted next?
Spring4Shell (CVE-2022-22965) has dominated information security news for the past six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders, as various vulnerable applications are targeted by attacks in the wild.
CISA adds Spring4Shell to list of exploited vulnerabilities
It has been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) was discovered and the Spring development team fixed it in new versions of the Spring Framework.
Microsoft asks bug hunters to probe on-premises Exchange and SharePoint servers
Bug hunters who discover and report high-impact security vulnerabilities in Exchange, SharePoint and Skype for Business on-premises can earn up to $26,000 per eligible submission, Microsoft announced.
The Cyclops Blink botnet has been disrupted
The US Department of Justice has announced that the FBI has disrupted the Cyclops Blink botnet, which it believes is under the control of the Sandworm group, a threat actor previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).
New and lesser-known cybersecurity risks you need to be aware of
In this interview with Help Net Security, Zur Ulianitzky, Head of Security Research at XM Cyber, provides insight into new and lesser-known cybersecurity risks that organizations need to watch out for, and what they need to do to stay safe and protected against these threats.
Security flaws found in 82% of public sector software applications
Veracode has released new findings that show the public sector has the highest proportion of security vulnerabilities in its applications and maintains some of the lowest and slowest patch rates compared to other industry sectors.
Hybrid Threat Model: Beware the Disgruntled Employee
In this interview with Help Net Security, James Turgal, Vice President of Cyber Risk, Strategy and Board Relations at Optiv Security, talks about the Hybrid Threat Model, a new approach that leverages social media to launch cyberattacks against organizations.
Vulnerabilities and cyberattacks that marked the year 2021
Rapid7 has announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021.
Prioritize cybersecurity training during the onboarding process
In this interview with Help Net Security, Brent Johnson, CISO at Bluefin, talks about the importance of making cybersecurity training a priority for every organization and why this goal is often difficult to achieve.
63% of organizations paid the ransom last year
According to a report by CyberEdge Group, a record 71% of organizations were hit by successful ransomware attacks last year, up from 55% in 2017. Of those who fell victim, 63% paid the demanded ransom, compared to 39% in 2017.
The CISO as brand enabler, customer advocate and product visionary
If you are a CISO today, or have worked for or observed one from afar, you have felt the reality of goalposts continually changing over time, and you have encountered some of the difficult questions that arise and still have no answer.
The challenges of consumer data and the use of PII
In this Help Net Security video, Nong Li, CEO of Okera, discusses the challenges of using and managing consumer data and personally identifiable information (PII).
Use biological algorithms to detect cyberattacks
Phishing, a long-standing cyberattack technique in which attackers impersonate others to gain access to confidential information, has become extremely popular lately, reaching an all-time high in December 2021, with attacks tripling compared to the previous year.
Cardholder Compliance Reports
In this video, Craig Lurey, CTO and co-founder of Keeper Security, talks about the new secure add-on to the Keeper enterprise platform, called Compliance Reports.
Digital transformation requires intelligence
Embracing change and resilience became the business continuity mantra as organizations navigated the pandemic. Integrating digital technologies was essential to quickly adapt and respond to employee and customer needs, economic uncertainty and competitive pressures.
Cybercriminals are taking advantage of the Ukraine crisis to create charity donation scams
In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, explains how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams.
The Importance of Understanding Cloud-Native Security Risks
In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem of not understanding the risks to this environment.
Traditional Identity Fraud Losses Soar, Totaling $52 Billion in 2021
Losses from traditional identity fraud, caused by criminals illegally using victims’ information to steal money, skyrocketed to $24 billion in 2021, an alarming 79% increase compared to 2020, a study shows.
What you should look for when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages.
People’s habits around personal and corporate data backup procedures
In this video for Help Net Security, Jon Fielding, CEO of Apricorn, talks about a survey of thousands of Twitter users about their personal and business data and their backup habits, processes and procedures.
Cybercriminals on Discord: Uncovering Developing Threats
In this video for Help Net Security, Tal Samra, Cyber Threat Analyst at Cyberint, talks about Discord, a platform often used for cybercrime activities, and possible threats users might encounter.
Infosec Products of the Month: March 2022
Here’s a look at the hottest products from the past month, with releases from: Actiphy, Anomali, AvePoint, Ciphertex Data Security, Contrast Security, CRITICALSTART, CybeReady, Dasera, Deepfence, Dtex Systems, Elastic, Endace, Enzoic, ExtraHop, Imperva, MetricStream, Nebulon, NICE Actimize, Ostrich Cyber-Risk, Palo Alto Networks, Perimeter 81, PKI Solutions, Progress, Rapid7, Reciprocity, Secret Double Octopus, SEON, Sonrai Security, SpyCloud, Swissbit, Veeam Software, Veriff and VMware.
New infosec products of the week: April 8, 2022
Here’s a look at some of the hottest products from the past week, with releases from ColorTokens, Forescout, Fortinet, IBM, Imperva, Keysight Technologies, and Orca Security.