Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:
September 2022 Patch Tuesday Forecast: No Sign of Slowing Down
September is here, and for most of us in the northern hemisphere, cooler temperatures are on the way. Unfortunately, the need to maintain and update our computer systems remains burning.
DeadBolt hits QNAP NAS devices via zero-day bug, what to do?
A few days ago – and right in the middle of the weekend before Labor Day (celebrated in the United States) – Taiwan-based QNAP Systems warned of the latest round of DeadBolt ransomware attacks targeting users of its QNAP Network Attached Storage (NAS) devices.
7 Free Online Cybersecurity Courses You Can Take Right Now
The shortage of talent and a variety of specialist areas in cybersecurity have inspired many people to retrain and join the industry. One way to gain more knowledge is to take advantage of online learning opportunities. Here you will find a list of free online cybersecurity courses that can help you advance your career.
High-risk ConnectWise Automate vulnerability has been patched, admins are advised to patch as soon as possible
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources.
You should know that most websites share your on-site search queries with third parties.
If you use a website’s internal search function, there’s a good chance your search terms will be leaked to third parties in one form or another, NortonLifeLock researchers have found.
Your suppliers are probably your biggest cybersecurity risk
As the speed of business increases, more and more organizations are looking to buy businesses or outsource more services to gain market advantage. With organizations expanding their supplier base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cybersecurity measures to assess the level of risk posed by suppliers.
Ransomware attacks on Linux will increase
Trend Micro predicted that ransomware groups will increasingly target Linux servers and embedded systems over the next few years. It recorded a double-digit year-over-year (YoY) increase in attacks against these systems in 1H 2022.
Apple boosts security and privacy in iOS 16
Apple has announced additional security and privacy updates for its all-new mobile operating system. In this Help Net Security video, you’ll learn about the latest privacy and security features in iOS 16.
Government guide to supply chain security: the good, the bad and the ugly
As developers and security teams prepared to take a break and fire up the barbecue for the holiday weekend, the most prestigious security agencies in the United States (NSA, CISA and ODNI) released a best practice guide of over 60 pages, Securing the Software Supply Chain for Developers.
Supply chain risk top security priority as trust in partners declines
As cyber attackers increasingly seek to take advantage of the accelerating digitalization that has seen many businesses dramatically increase their reliance on cloud-based solutions and services as well as third-party service providers, the risk of the software supply chain has become a major concern for organizations.
Thwart social engineering attacks by building your cyber resilience
In this Help Net Security video, Grayson Milbourne, Director of Security Intelligence at OpenText Security Solutions, discusses the innovation behind social engineering campaigns and illustrates how cyber resilience can help mitigate this ever-evolving threat.
What is polluting your data lake?
A data lake is a large system of files and unstructured data collected from many untrusted sources, stored and distributed for business services, and is susceptible to contamination by malware. As companies continue to produce, collect and store more data, the potential for costly cyber risks increases.
Nmap 7.93, the 25th Anniversary Edition, has been released
Nmap is a widely used free and open-source network scanner. It is used for network inventory, port scanning, managing service upgrade schedules, monitoring host or service availability, etc. It works on most operating systems: Linux, Windows, macOS, Solaris and BSD.
Best apps for malware downloads
In this video for Help Net Security, Raymond Canzanese, Director of Threat Research at Netskope, talks about the best apps for malware downloads.
A Go-Ahead cyberattack could derail UK public transport services
One of the UK’s largest public transport operators, Go-Ahead Group, has been the victim of a cyberattack. The Go-Ahead group, which connects people through its bus and train networks, reported that it was “handling a cybersecurity incident” after “unauthorized activity” was detected on its network.
62% of consumers see fraud as an unavoidable risk of online shopping
According to research published by Paysafe, 59% of consumers are more worried about becoming victims of fraud than they were in 2021. Consumers in North America, Latin America and Europe prioritize security over convenience when shopping online as the impact of rising inflation and energy prices continue to fuel financial worries.
The challenges of achieving ISO 27001
In this Help Net Security video, Nicky Whiting, Consulting Director at Defense.com, talks about the challenges of implementing ISO 27001, a widely known international standard.
There is no secure critical infrastructure without identity-based access
Organizational security strategy has long been defined by an internal perimeter containing all of a company’s information in one secure place. Designed to prevent external threats from entering through firewalls and other intrusion prevention systems, this security model allows trusted insiders virtually unrestricted access to company IT assets and resources. In concrete terms, this means that any user with access to the network can also access confidential and sensitive information, regardless of their position or requirements.
EvilProxy phishing-as-a-service with MFA bypass appeared on the dark web
Following the recent Twilio hack that resulted in the leak of 2FA (OTP) codes, cybercriminals continue to upgrade their arsenal of attacks to orchestrate advanced phishing campaigns targeting users around the world. Resecurity recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy announced on the Dark Web. In some sources, the alternate name is Moloch, which has a connection to a phishing kit developed by several notable underground players that previously targeted financial institutions and the e-commerce industry.
With rising cyber insurance costs, can small businesses avoid being overpriced?
Cyber insurance is quickly becoming an essential part of doing business as more and more organizations accept the inevitability of cyber risk. There is a growing awareness of the need to prepare for the impact of devastating security incidents such as those caused by ransomware, just as a business invests in coverage against potential physical threats such as fire or criminal damage.
Researchers publish post-quantum update to Signal protocol
PQShield has published a white paper that exposes the quantum threat to end-to-end messaging security and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks.
Better than a Solution: Tightening Backup and Recovery Helps Financial Services Companies Innovate
We all know the risks that exist. Ransomware is a huge threat and critical transactional data is under constant attack. Meanwhile, financial services organizations are under pressure from all sides as regulators tighten legislation, from SOX to CCPA, GDPR and global data privacy laws like PIPL. In this firestorm, it has never been more important for financial services organizations to improve their data protection and risk mitigation strategies.
Most IT managers think partners, customers make their business a target for ransomware
Global organizations are increasingly exposed to the risk of ransomware compromise through their extended supply chains. In May and June 2022, Sapio Research surveyed 2,958 IT decision makers in 26 countries. The study found that 79% of global IT leaders believe their partners and customers are making their own organization a more attractive target for ransomware.
eBook: 4 cybersecurity trends to watch in 2022
With the rapid acceleration of cloud usage and digitized systems, a host of new security issues are likely to emerge in the new year. Rising threats around network defense, data protection, and multicloud strategies are dominating the security conversation, while cybercriminals have become faster, smarter, and stealthier than ever. It is crucial for businesses, government agencies, schools and other organizations to keep the latest forecasts in mind.