Week in review: Microsoft, Apple patch exploited zero-days, tips for getting hired in cybersecurity


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Combining identity and security strategies to mitigate risks
The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new Executive Director.

Can we predict cyber attacks? Bfore.AI says they can
In this Help Net Security interview, Luigi Lenguito, CEO at Bfore.AI, talks about threat prevention challenges and how his company can predict cyber attacks before they begin.

Microsoft patches three exploited zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)
The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823).

Helping users and organizations build an instinctive data privacy habit
Many organizations around the world engage in efforts to raise awareness about the importance of online privacy during that week, including the National Cybersecurity Alliance (NCA) – a non-profit whose goal is to demystify complex security topics to help consumers and businesses better understand the simple steps they can take to protect themselves.

Get hired in cybersecurity: Expert tips for job seekers
In this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand.

Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)
Cisco has released security updates for several of its enterprise security and networking products.

DHL, MetaMask phishing emails target Namecheap customers
A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase.

Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529)
Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.”

Vulnerabilities open Korenix JetWave industrial networking devices to attack
Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found.

Reimagining zero trust for modern SaaS
The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years.

Malware that can do anything and everything is on the rise
“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis.

Introducing the book – Threats: What Every Engineer Should Learn From Star Wars
Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”.

Steps CISA should take in 2023
The quality of content CISA releases is consistently top-notch, whether they are advisories, infographics, or videos. Its releases are educational, accessible, and timely — essential in a fast-moving field like cybersecurity.

Navigating the ever-changing landscape of digital security solutions
Recently, Entrust named Bhagwat Swaroop as President, Digital Security Solutions. In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and access management, digital signing, and security policy management.

Cybercriminals exploit fear and urgency to trick consumers
Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast.

As regulations skyrocket, is compliance even possible anymore?
In this Help Net Security video, Gianna Price, Solutions Architect at Telos Corporation, explores what organizations can do to streamline compliance and get ahead.

The risks and benefits of starting a vCISO practice
There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and SMBs are facing when it comes to cyber attacks.

High-risk users may be few, but the threat they pose is huge
High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research.

How to prevent DDoS attacks
In this Help Net Security video, Matthew Andriani, CEO at MazeBolt, discusses the growing threat and impact of DDoS attacks and how organizations can stay safe against them.

Attack surface management (ASM) is not limited to the surface
Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices, we need to accept that attack surface management is not limited to the surface.

Actionable intelligence is the key to better security outcomes
Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cybersecurity decisions without insights into the threat actor targeting them.

Expected advancements in quantum cryptography
In this Help Net Security video, Vanesa Diaz, CEO at LuxQuanta, talks about how precautions must be taken ahead of this new quantum age, where cybersecurity solutions require significant attention and developments to ensure the protection and security of data.

Application and cloud security is a shared responsibility
Cloud environments and application connectivity have become a critical part of many organizations’ digital transformation initiatives.

How hackers can cause physical damage to bridges
In this Help Net Security video, Daniel Dos Santos, Head of Security Research at Forescout, talks about recent research, which has revealed how attackers can move laterally between vulnerable networks and devices found at the controller level of critical infrastructure.

New infosec products of the week: February 17, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software.



Source link