Here’s an overview of some of the most interesting news, articles, interviews and videos from the past week:
Beware of Password Cracking Software for PLC and HMI!
A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), taking advantage of their pressing needs to turn industrial workstations into dangerous bots.
Vulnerabilities in popular GPS tracker could allow hackers to remotely intercept cars
Six vulnerabilities in the MiCODUS MV720 GPS Tracker, which is used by organizations around the world to manage and protect vehicle fleets, could be exploited by attackers to remotely cut fuel or stop vehicles suddenly.
Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, FishEye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.
(IN)SECURE Magazine Issue 72 Released: Free Download
(IN)SECURE Magazine is a free digital security publication that discusses some of the most important information security topics. Issue 72 has been published. This is a free download, no registration is required.
The rise and continued popularity of LinkedIn-themed phishing
Phishing emails impersonating LinkedIn continue to make up the bulk of all brand phishing attempts. According to Check Point, 45% of all email phishing attempts in the second quarter of 2022 mimicked the communication style of the professional social media platform, with the goal of directing targets to a fake LinkedIn login page and collecting their account credentials.
Microsoft adds default protection against RDP brute-force attacks
Brute-forced RDP access and malicious macros have long been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.
Removal of blind spots allowing lateral movement
There are critical blind spots in most security solutions today that make it nearly impossible to detect and prevent lateral movement attacks.
82% of global insurers expect cyber insurance premiums to continue to rise
A Panaseer survey of global insurers in the UK and US found that while 82% expect premiums to continue to rise, 74% of insurers agree that their inability to accurately understand a customer’s security posture value affecting growth.
The importance of secure passwords cannot be stressed enough
Cybercriminals typically rely on weak passwords to break into the online accounts of vulnerable victims, often with dire consequences. But despite understanding the importance of strong passwords as an important security best practice, for most users the ease of remembering just a few passwords and reusing them everywhere adds to the security risk.
Online payment fraud losses will exceed $343 billion
According to Juniper Research, cumulative merchant losses from online payment fraud globally will exceed $343 billion between 2023 and 2027.
How Kitemarks are ushering in IoT regulation
The regulation of the Internet of Things (IoT) has always been a controversial topic. Opponents claim it stunts the growth of a nascent industry, while its advocates argue that it helps to adopt industry best practices and set standards.
Industrial cyber security leaders are making great strides
The rise in cyber threats and government directives have made cyber security a top priority among critical infrastructure organizations.
How to prepare your organization for a Slack or Office 365 breach
In this Help Net Security video, Ofer Maor, CTO of Mitiga, discusses top security ideas for organizations to prepare for and mitigate the potential impact of a Slack or Office 365 breach.
Popular business web apps fail to enforce critical password requirements
Specops Software released new research finding cybersecurity vulnerabilities in business web apps including Shopify, Zendesk, Trello, and Stack Overflow.
What NATO’s virtual rapid response cyber capability means for the fight against cyber warfare
In this Help Net Security video, Itay Bochner, Director of Malware Analysis Solutions, OPSWAT, talks about NATO’s virtual rapid response cyber capability and what it means.
What threats and challenges do CISOs and CROs focus on the most?
According to Tata Consultancy Services, cyber executives are not adequately prioritizing threats from vulnerabilities within the value chain, beyond the immediate confines of their own organisations.
How opponents are taking advantage of the punching tool to launch attacks
In this Help Net Security video, Tony Lambert, senior malware analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools used for malicious purposes.
First formal verification of the prototype of Arm CCA firmware
As our personal data is increasingly being used in many applications from advertising to finance to healthcare, the protection of sensitive information has become an essential feature of computing architectures.
Huntress Acquires Security Awareness Training Platform Curricula For $22 Million
Huntress, a managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In this Help Net Security video, Marcos Torres, Huntress’s CFO, talks about what this acquisition means for the company’s future.
60% of IT leaders are not confident about their secure cloud access
According to research from the Ponemon Institute, 60% of IT and security leaders do not trust their organization’s ability to ensure secure cloud access, even though adoption continues to grow across a diverse range of cloud environments.
Why SBOMs aren’t the silver bullet they’re portrayed as
In this Help Net Security video, Julie Klein, Director, Global Public Policy at Akamai Technologies, discusses her views on SBOMs.
Metasploit’s Past, Present and Future
In this Help Net Security video, Rapid7’s Lead Security Researcher, Spencer McIntyre, talks about how Metasploit enables defenders to always be a step (or two) ahead of the game, and offers a glimpse into the future.
AppViewX raises $20 million to help businesses reduce risk
In this Help Net Security video, AppViewX CEO Gregory Webb talks about how the additional investment will help maximize AppViewX’s go-to-market operations.
Introduction to the book: Managing the dynamic nature of cyber security
In this Help Net Security video, he talks about how the book helps organizations define solid security strategies.
How organizations can implement a holistic data strategy
In this Help Net Security video, Bernard Brantley, CISO, Corelight, discusses why organizations need to rethink their data strategy, challenging the notion that they should collect everything and determine its use at the point of incident.
How to identify and combat online fraud
In this Help Net Security video, Imperva Senior Product Manager Lynn Marks discusses how organizations need to prepare for fraudulent BNPL activity.
Product Showcase: Passwork – The best solution for working with corporate passwords
Passwork aims to enable efficient and secure work processes through automated management of passwords and corporate accounts.
New InfoSec Products of the Week: July 22, 2022
Here’s a look at the most interesting products from the past week, including releases from Cato Networks, Kososis, Darktrace, EnGenius, Orca Security, Persona, and ReSecurity.