Here is an overview of some of the most interesting news, articles and interviews from the past week:
April 2022 Patch Tuesday Forecast: Spring is in the Air (and Vulnerable)
The March Patch Tuesday releases followed on the heels of February with a low number of CVEs reported and resolved, and all updates rated important except one critical update for Microsoft Exchange Server.
Log4Shell Exploitation: Which Applications Can Be Targeted Next?
Spring4Shell (CVE-2022-22965) has dominated the information security news for the past six days, but Log4Shell (CVE-2021-44228) continues to demand the attention and action of enterprise defenders as various vulnerable applications are being subject to attacks in the wild.
CISA adds Spring4Shell to list of exploited vulnerabilities
It has been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework.
Microsoft asks bug hunters to investigate local Exchange and SharePoint servers
Bug hunters who discover and report high-impact security vulnerabilities in Exchange, SharePoint and Skype for Business installations can earn up to $26,000 per eligible submission, Microsoft announced.
The Cyclops Blink botnet has been disrupted
The US Department of Justice has announced that the FBI has disrupted the Cyclops Blink botnet, which it says was under the control of the Sandworm group, a threat actor previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).
New and lesser-known cybersecurity risks to be aware of
In this interview with Help Net Security, Zur Ulianitzky, Head of Security Research at XM Cyber, provides insights into new and less talked about cyber security risks that organizations need to be aware of, and what they need to do to stay safe and secure from these threats.
Security flaws found in 82% of public sector software applications
Veracode has released new findings showing that the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest repair rates compared to other industry sectors.
Hybrid Threat Model: Beware the Dissatisfied Employee
In this interview with Help Net Security, James Turgal, Vice President of Cyber Risk, Strategy and Board Relations at Optiv Security, talks about the hybrid threat model, a new approach that leverages social media to launch cyberattacks on organizations.
Vulnerabilities and cyberattacks that marked the year 2021
Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyber attacks in 2021.
Prioritize cybersecurity training during the onboarding process
In this interview with Help Net Security, Brent Johnson, CISO at Bluefin, talks about the importance of making cybersecurity training a priority for all organizations and why it’s often a difficult goal to achieve.
63% of organizations paid the ransom last year
A record 71% of organizations were hit by successful ransomware attacks last year, according to a CyberEdge Group report, up from 55% in 2017. Of victims, 63% paid the ransom demanded, up from 39% in 2017.
The CISO as Brand Enabler, Customer Advocate, and Product Visionary
If you are a CISO today, or have worked with or watched one from afar, you have felt how the goalposts continually move over time, and you have run into some of the difficult questions that may not yet have answers.
The challenges of consumer data and the use of PII
In this video from Help Net Security, Nong Li, CEO of Okera, talks about the challenges of using and managing consumer data and personally identifiable information (PII).
Use of biological algorithms to detect cyber attacks
Phishing, a long-standing cyberattack technique in which attackers impersonate others to gain access to sensitive information, has become immensely popular of late, reaching an all-time high in December 2021, with attacks tripling compared to the previous year.
Keeper Compliance Reports
In this video, Craig Lurey, CTO and co-founder of Keeper Security, talks about the new secure add-on for Keeper’s business platform called Compliance Reports.
Digital transformation requires security intelligence
Embracing change and resilience became the mantra for business continuity as organizations grew stronger during the pandemic. Incorporating digital technologies was critical to quickly adapting to and addressing employee and customer needs, economic uncertainty, and competitive pressures.
Cybercriminals take advantage of Ukraine crisis to create charitable donation scams
In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the Ukraine crisis to create charitable donation scams.
The importance of understanding cloud-native security risks
In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud-native security and the issue of misunderstanding the risks to this environment.
Traditional identity fraud losses skyrocket, totaling $52 billion in 2021
A study shows that traditional identity fraud losses, caused by criminals illegally using victims’ information to steal money, skyrocketed in 2021 to $24 billion, an alarming 79% increase from 2020, as part of $52 billion in total identity fraud losses for the year.
What to consider when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by open source malicious packages.
Habits of people around personal and corporate data backup procedures
In this video for Help Net Security, Jon Fielding, CEO of Apricorn, talks about a survey of thousands of Twitter users, their personal and corporate data, and their backup habits, processes, and procedures.
Cybercriminals on Discord: Discovering Evolving Threats
In this video for Help Net Security, Tal Samra, Cyber Threat Analyst at Cyberint, talks about Discord, a platform often used for cybercriminal activity, and the potential threats users may encounter.
Computer Security Products of the Month: March 2022
Here’s a look at the most exciting products from the past month, with releases from: Actiphy, Anomali, AvePoint, Ciphertex Data Security, Contrast Security, CRITICALSTART, CybeReady, Dasera, Deepfence, Dtex Systems, Elastic, Endace, Enzoic, ExtraHop, Imperva, MetricStream, Nebulon, NICE Actimize, Ostrich Cyber-Risk, Palo Alto Networks, Perimeter 81, PKI Solutions, Progress, Rapid7, Reciprocity, Secret Double Octopus, SEON, Sonrai Security, SpyCloud, Swissbit, Veeam Software, Veriff, and VMware.
New infosec products of the week: April 8, 2022
Here’s a look at the most exciting products from the past week, with releases from ColorTokens, Forescout, Fortinet, IBM, Imperva, Keysight Technologies, and Orca Security.