Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Photos: Cybertech Europe 2023
The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions from dozens of companies and speakers, including senior government officials, C-level executives, and industry trailblazers from Europe and around the world.
Cybertech Europe 2023 video walkthrough
In this Help Net Security video, we take you inside Cybertech Europe 2023 at La Nuvola Convention Center in Rome.
Securing GitHub Actions for a safer DevOps pipeline
In this Help Net Security interview, Varun Sharma, CEO at StepSecurity, talks about misconceptions about the security of GitHub Actions, the potential risks of using third-party actions, recommended best practices for using GitHub Actions securely, and more.
CISO’s compass: Mastering tech, inspiring teams, and confronting risk
In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face.
Tackling cyber risks head-on using security questionnaires
In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data.
Chalk: Open-source software security and infrastructure visibility tool
Chalk is a free, open-source tool that helps improve software security.
Critical zero-days in Exim revealed, only 3 have been fixed
Six zero-days in Exim, the most widely used mail transfer agent (MTA), were revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday.
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)
A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm confirmed on Monday, when it released drivers updated with patches.
Amazon: AWS root accounts must have MFA enabled
Amazon wants to make it more difficult for attackers to compromise Amazon Web Services (AWS) root accounts, by requiring those account holders to enable multi-factor authentication (MFA).
“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)
A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers.
Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution.
Google unveils stricter anti-spam rules for bulk email senders
To keep Gmail users’ inboxes “safer and more spam-free”, Google is introducing new requirements for bulk senders (of commercial email).
Qualcomm patches 3 actively exploited zero-days
Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers.
Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)
Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild.
Apple patches another iOS zero-day under attack (CVE-2023-42824)
Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild.
Evolving conversations: Cybersecurity as a business risk
Board members often lack technical expertise and may not fully grasp cyber risks. On the other hand, CISOs are more accustomed to interfacing with IT staff.
Protecting against FraudGPT, ChatGPT’s evil twin
In this Help Net Security video, Mike Newman, the CEO of My1Login, discusses the risks that FraudGPT poses and the techniques criminals use to target organizations.
Making privacy sustainable: Incorporating privacy into the ESG agenda
Data breaches have been rising in frequency and magnitude over the last two decades.
9 essential ransomware guides and checklists available for free
Here’s a collection of free ransomware guides and checklists you can access without registration.
GenAI in software surges despite risks
In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle.
Eyes everywhere: How to safely navigate the IoT video revolution
With IoT taking over the home and office, device creators and users must take extra steps to stay cyber-safe.
Lazarus impersonated Meta recruiter to breach Spanish aerospace firm
Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram, and WhatsApp.
Understanding the layers of LLM security for business integration
In this Help Net Security video, Ivana Bartoletti, Global Privacy Officer at Wipro, discusses how organizations should deal with and deploy LLMs securely.
October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty
September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors.
Global events fuel DDoS attack campaigns
Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT.
High-business-impact outages are incredibly expensive
In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs.
Factors leading to organizations losing control over IT and security environments
Companies are challenged with the growing need to connect everything in their business while maintaining control over their security, productivity, and competitive growth, according to Cloudflare.
Are executives adequately guarding their gadgets?
In this Help Net Security video, Amir Tarighat, CEO of Agency, discusses how executives are (or are not) protecting their personal devices when accessing work materials.
Infosec products of the month: September 2023
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armis, AlphaSOC, Baffle, Ciphertex Data Security, Cisco, ComplyCube, CTERA, CyberSaint, Dig Security, Fortinet, Ghost Security, Hornetsecurity, Immersive Labs, Kingston, Laiyer.ai, MixMode, NTT Security Holdings, OneTrust, Panzura, Purism, runZero, SeeMetrics, Swissbit, TXOne Networks, Viavi Solutions, and Wing Security.
New infosec products of the week: October 6, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Cloaked, ComplyCube, LogicMonitor, ManageEngine, Nutanix, and Veriff.