Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
LLM Guard: Open-source toolkit for securing Large Language Models
LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments.
Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion
The Dragos Platform is technology built for practitioners by practitioners that arms industrial cybersecurity teams with the most up-to-date defensive tools, codified by our experts on the front lines every day hunting, combatting, and responding to advanced ICS threats.
An inside look at NetSPI’s impressive Breach and Attack Simulation platform
In this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation (BAS) platform and discusses how it offers unique features – from customizable procedures to advanced plays – that help organizations maximize their ROI.
How companies can take control of their cybersecurity
In this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field.
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.
Telecom firms hit with novel backdoors disguised as security software
Researchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East.
Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.”
Shadow IT: Security policies may be a problem
3 out of 4 workers use personal (and often unmanaged) phones and laptops for work and nearly half of companies let unmanaged devices access protected resources, a recent report by Kolide and Dimensional Research has revealed.
Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster.
Never use your master password as a password on other accounts
One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers.
Fake WinRAR PoC spread VenomRAT malware
An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware.
Signal takes a quantum leap with E2EE protocol upgrade
Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers.
GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform.
Balancing budget and system security: Approaches to risk tolerance
Because no two organizations are alike, every CISO must find a cyber risk management approach that aligns with the goals, culture, and risk tolerance of the organization.
The hidden dangers of low-value data
In this Help Net Security video, Terry Ray, SVP Data Security and Field CTO at Imperva, warns organizations to stop ignoring low-value data – as criminals use it as a place to live, watch, and wait for the perfect moment to steal the crown jewels.
What AppSec and developers working in cloud-native environments need to know
Application security (AppSec), a strategic segment of the broad spectrum of information security, is an ever-evolving discipline that focuses on ensuring the security, integrity, and robustness of software applications.
Avoiding domain security risks when taking your business online
In this Help Net Security video, Prudence Malinki, Head of Industry Relations at Markmonitor, discusses best practices enterprises should abide by when kickstarting their online business and domain strategy.
How to set up and speed up Amazon S3 Replication for cross-region data replication
Amazon S3 is a simple cloud storage solution enabling effortless storage and retrieval of large amounts of data from different geographies. It’s engineered for scalability, durability, and security, making it a popular option for data storage and distribution.
Why more security doesn’t mean more effective compliance
Like their peers across nearly all industry verticals, financial services firms are moving to the cloud in large numbers to drive cost efficiencies, business agility, and innovation.
18 free Microsoft Azure cybersecurity resources you should check out
Here’s a list of free Azure cybersecurity resources that Microsoft offers to anyone interested in learning.
PostgreSQL 16: Where enhanced security meets high performance
PostgreSQL 16 provides finer-grained options for access control and enhances other security features.
Rising OT/ICS cybersecurity incidents reveal alarming trend
60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation.
Regulatory activity forces compliance leaders to spend more on GRC tools
Legal and compliance department investment in GRC (governance, risk, and compliance) tools will increase 50% by 2026, according to Gartner.
Strong compliance management is crucial for fintech-bank partnerships
72% of banks and credit unions are prioritizing compliance when evaluating fintechs, citing it as their top criteria in the due diligence process, according to Ncontracts.
Companies still don’t know how to handle generative AI risks
Energized by the hype around generative AI, enterprises are aggressively pursuing practical applications of this new technology while remaining cautious about the risks, according to ISG.
Organizations are racing against time to meet the PCI DSS 4.0 deadline
Payment data security concerns remain widespread as organizations undertake significant lift to meet the PCI DSS 4.0 deadline, according to Bluefin.
Critical business app outages cost $500,000 per hour of downtime
Observability’s adoption is on the rise and full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs, according to New Relic.
New infosec products of the week: September 22, 2023
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Dig Security, Laiyer.ai, Viavi Solutions, and Wing Security.