Week in review: Microsoft fixes many zero-days, malicious droppers on Google Play, IRISSCON 2022
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Taking cybersecurity investments to the next level
In this Help Net Security interview, the former Trident Capital leader offers insight into innovation in the cybersecurity market, M&A activity, pitching to VCs, and more.
Microsoft fixes many zero-days under attack
November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.
Medibank won’t pay the ransom for data stolen in breach
Australian health insurance provider Medibank has announced it won’t be paying the ransom to the criminal(s) who stole data of 9.7 million of its current and former customers.
Malicious droppers on Google Play deliver banking malware to victims
Android users are often advised to get mobile apps from Google Play, the company’s official app marketplace, to minimize the possibility of downloading malware.
Photos: IRISSCON 2022
IRISSCON, the annual cyber crime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland on Thursday, November 10, 2022.
Busting compliance myths
In this interview for Help Net Security, Troy Fine, Senior Manager of Cybersecurity Risk Management at Drata, talks about the challenges of data compliance and what companies must do to achieve it.
False sense of safety undermines good password hygiene
LastPass released findings from its fifth annual Psychology of Password report, which revealed even with cybersecurity education on the rise, password hygiene has not improved.
Does your company need secure enclaves? Five questions to ask your CISO
Some of the biggest barriers to cloud adoption are security concerns: data loss or leakage, and the associated legal and regulatory concerns with storing and processing data off-premises.
Phishing threats are increasingly convincing and evasive
In this Help Net Security video, Tonia Dudley, VP, CISO at Cofense, provides a look at the various changes seen in the phishing threat landscape.
How geopolitical turmoil changed the cybersecurity threat landscape
ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.
The security dilemma of data sprawl
As hybrid work becomes the norm in business, so does data sprawl. Data sprawl refers to the spread of company information to various places, which often comes from dispersed and unmanaged cloud app use.
How to assess and mitigate complex supply chain risks
In this Help Net Security video, Andy Zollo, Regional VP of EMEA at Imperva, talks about how organizations can assess and mitigate cyber risks within their supply chain.
Security “sampling” puts US federal agencies at risk
Titania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government.
Shining a light on the dark web
Dark web marketplaces sell a plethora of tools, stolen data, and forged documents, and some of the things for sale are priced higher than the rest.
Active security budget evaluation plugs holes in your security stack
In this Help Net Security video, Pat McGarry, CTO at ThreatBlockr, discusses how enterprise defenders need a way to block modern threats that get through their security stack.
How ransomware gangs and malware campaigns are changing
Deep Instinct released its 2022 Bi-Annual Cyber Threat Report which focuses on the top malware and ransomware trends and tactics from the first half of 2022 and provides key takeaways and predictions for the ever-evolving cybersecurity threat landscape.
Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one color
Organizations often operate under the mistaken impression of being in control without any evidence to support this perception. Unfortunately, this illusion is common because of (among other things) confirmation bias that lingers in board rooms and IT departments: “We haven’t had an attack yet, so we must be doing something right.”
Exposing Emotet and its cybercriminal supply chain
In this Help Net Security video, Chad Skipper, Global Security Technologist at VMware, unpacks insights learned from Emotet’s most recent resurgence in hopes that organizations can better understand and defend themselves against this resilient malware.
How can CISOs catch up with the security demands of their ever-growing networks?
Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have made it exponentially more difficult to identify and remediate the vulnerabilities with the greatest potential impact on the enterprise.
What is software threat modeling and how to use it effectively
In this Help Net Security video, Kevin Delaney, Director, Solutions Engineering at Security Compass, explains what threat modeling is, and why it’s important for software development.
Remote work pushes video conferencing security to the fore
In this Help Net Security video, George Waller, EVP of Zerify, talks about the rise of remote work and the importance of video conferencing security for organizations of all sizes.
Compliance initiatives can advance your organization’s security journey
In this Help Net Security video, Christopher Fielder, Field CTO at Arctic Wolf, discusses the common mistakes organizations make in their compliance journeys.
Personal cybersecurity is now a company problem
In this Help Net Security video, Amir Tarighat, CEO at Agency, discusses the rise of employee digital risk. He explores the intersection of personal and enterprise cybersecurity and new approaches for managing the new wave of attacks.
Balance reliable online age verification methods with data protection issues
In this Help Net Security video, Philipp Pointner, Chief of Digital Identity at Jumio, discusses Jumio’s age verification survey, which suggests that many parents agree social media sites should implement more robust protections.
2FA, 3FA, MFA… What does it all mean?
Simply put, authentication is the act of proving you are who you say you are. To gain access to protected information, systems or locations, the user must prove their identity by providing specific access credentials.
How micro-VMs can protect your most vulnerable endpoints
When it comes to these cyberattacks, malware remains a major concern. With one click, an infection can wreak havoc on your network, allow hackers to steal critical information, delete files and destroy your devices.
2022 Cloud Data Security Report
Flow Security’s 2022 Cloud Data Security Report dives into how CISOs today adapt to the increasing challenges in data security and the concerns they prioritize solving.
New infosec products of the week: November 11, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Flashpoint, ImmuniWeb, Lacework, Picus Security, and Vanta.