Here’s a look at some of the most interesting news, articles and interviews from the past week:
Kali Linux 2022.1 released: new tools, kali-linux-everything, visual changes
Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform.
DDoS Attacks Take Ukrainian Government and Banks’ Websites Offline
Unknown attackers have launched disruptive Distributed Denial of Service (DDoS) attacks against several Ukrainian government organizations and public banks.
Attackers use Microsoft Teams as a launching pad for malware
Hackers are starting to realize that Microsoft Teams is a great way to spread tentacles into an organization’s systems; Since the beginning of the year, Avanan has seen more and more hackers dropping malware into Teams conversations.
Open banking innovation: a race between developers and cybercriminals
In this interview with Help Net Security, Karl Mattson, CISO at Noname Security, explains the wide use of open banking and how it can easily be exploited if proper security measures are not implemented.
Skyrocketing online fraud: gaming, streaming, social media, travel and e-commerce hit hardest
A report from Arkose Labs warns UK trade that it faces the toughest year in its history. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to find there was an 85% increase in login attacks and the creation of fake consumer accounts in companies.
Qualys XDR Definition: bring context to security efforts in an organization
In this interview with Help Net Security, Jim Wojno, Senior Director of XDR at Qualys, explains the benefits of using Qualys Context XDR and how it can bring clarity through context.
The importance of implementing security analysis in the software development lifecycle
Veracode has published research that reveals that most apps are now scanned about three times a week, compared to just two or three times a year a decade ago. This represents a 20x increase in the average scan rate between 2010 and 2021.
How the Ease of Use of the QR Code Expanded the Attack Surface
In this interview with Help Net Security, Neil Clauson, Regional CISO at Mimecast, talks about QR code phishing threats, explains the vulnerabilities of this technology and how to make sure you don’t fall prey to such an attack.
Using mobile networks for cyberattacks as part of a war strategy
AdaptiveMobile Security has released research that highlights how vulnerabilities in mobile network infrastructure could be weaponized during offensive military operations.
How do I select an API security solution for my business?
To select an appropriate API security solution, you need to consider various factors. We spoke to several industry professionals to get their perspective on the subject.
PCI SSC and National Cybersecurity Alliance Release Bulletin to Highlight Ransomware Threat
The PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance have released a joint bulletin on the growing threat of ransomware attacks.
Democratize security with Open XDR
The democratization of safety means that all the data and all results can and should be taken into account. It does not increase a particular platform, but rather to create an open environment that accepts information from all sources and tools without restrictions due to technical limitations or marketing.
The importance of implementing a zero trust strategy
Optiv has released a report based on a recent survey of cybersecurity leaders that highlights the critical importance of implementing zero trust as an effective way to reduce cyber risk.
Log4Shell: A Retrospective
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working on it (CVE-2021-44228), it makes sense to look back and take stock of the how things went. What strategies worked in the face of one of the most notable vulnerabilities of the past decade?
The Rise of the Super Malicious Insider: Yes, We Need to Worry
DTEX Systems has announced the release of a report that identifies a significant increase in industrial espionage incidents and the rise of the super malicious insider persona, and provides evidence that the abrupt shift to remote working has directly contributed to an escalation. psychosocial human behaviors that create an organization. risk.
Securing the IoT from scratch
We live in a highly connected world. There are already around 10 billion devices connected to the Internet of Things (IoT), and the number is expected to reach more than 25 billion by 2030. They also vary in every conceivable sector; Simple IoT sensors and consumer-focused smart home gadgets have been joined by sophisticated medical devices, next-generation automotive technologies, industrial IoT hardware, and more.
Energy, oil and utilities sectors most likely to pay ransoms
CyberSaint has announced the release of a report that identifies the industries that pay the most ransom, have the willingness to pay, and looks at the future of ransomware.
Shortages in the supply chain create a nightmare for cyber security
The White House recently issued alerts noting that many manufacturers are suffering from disrupted supply chains and that rebuilding supply chains is a top priority. Some analysts suggest that many months, if not years, could pass before the chaos subsides.
The seven themes guiding the future of cybersecurity
Team8 has announced the release of a report that details seven themes shaping the future of cybersecurity. These themes are driven by the impact of the pandemic, the increase in remote working and the growing number of cyberattacks, which are pushing governments to respond.
Traditional MFA creates a false sense of security
A report by HYPR and Cybersecurity Insiders reveals that despite the Zero Trust initiative, many organizations are still highly exposed to credential attacks due to insufficient multi-factor authentication (MFA) methods and a general lack of emergency after potential exposure. In fact, 64% of hacked people did not strengthen or improve their authentication controls after the attack.
Tackling supply chain security head-on
Supply chain security is not an easy task and no one entity has end-to-end control. With so many steps, organizations, and businesses involved, it’s no surprise that hackers take advantage of the lack of sufficient security.
How hackers could use popular VR headsets to steal sensitive information
Researchers from Rutgers University in New Brunswick have published ‘Face-Mic’, the first work examining how voice command features on virtual reality headsets could lead to major privacy leaks, known as eavesdropping attacks.
White Paper: 5 Steps to Improve MFA Adoption
5 Steps to Improve MFA Authentication Adoption is an unbiased and comprehensive analysis of the present and future of multi-factor authentication and the challenges associated with widespread adoption.
eBook: The Ultimate Guide to Client-Side Security
The Ultimate Guide to Client-Side Security provides organizations with a guide to understanding how modern websites and web applications operate in the context of client-side interactions and the dangers inherent in the client-side coding structures that underpin site functionality. website.
New infosec products of the week: February 18, 2022
Here’s a look at some of the hottest products from the past week, with releases from Blueshift Cybersecurity, Bugcrowd, CoSoSys, F5 Networks, Mandiant, Orca Security, Stellar Cyber, and Verimatrix.