Here’s a rundown of some of the most interesting news, articles, interviews and videos from the past week:
Google Protected Computing: Guaranteeing data protection and data security regardless of location
In this interview with Help Net Security, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about protected computing, the impact of privacy regulations, and privacy in general.
Users looking for ChatGPT apps get malware instead
The tremendous popularity of OpenAI’s ChatGPT chatbot has not gone unnoticed by cybercriminals: they use the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visiting phishing sites.
Defenders on high alert as backdoor attacks become more common
Although the share of ransomware in incidents decreased only slightly from 2021 to 2022, IBM says defenders were more successful in detecting and defending against ransomware.
Cybersecurity Layoffs in 2023: What to Expect?
The economic downturn projected for 2023 will result in layoffs, but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, once things get better, they’ll probably be the first to be hired (again).
VMware patches critical injection bug in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution that prevents untrusted software from running on critical systems and endpoints.
PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)
The Horizon3.ai Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution.
What can we learn from the recent Coinbase cyber attack?
Cryptocurrency exchange Coinbase has repelled a cyberattack that may have been carried out by the same attackers who targeted Twillio, Cloudflare and many other companies last year.
Twitter will charge users for the SMS-based 2FA option
Twitter has announced that starting March 20, users who do not pay for the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option.
Four steps SMBs can take to close SaaS security gaps
Despite economic volatility and tight budgets, adoption of Software as a Service (SaaS) continues to grow.
Cybersecurity takes a leap forward with AI tools and techniques
Scientists have taken a critical step towards using a form of artificial intelligence known as deep reinforcement learning (DRL) to protect computer networks.
ChatGPT brings advances and challenges to cybersecurity
Like any new technology, ChatGPT can be used for both good and bad – and this is having a major impact on the world of cybersecurity.
Researchers find hidden vulnerabilities in hundreds of Docker containers
Rezilion discovered the presence of hundreds of Docker container images with vulnerabilities that are undetectable by most standard vulnerability scanners and SCA tools.
Why user-controlled remediation is key to strong API security
In this video from Help Net Security, Matias Madou, CTO at Secure Code Warrior, explains how keeping track of the latest and greatest security tools can distract development teams from where attention to detail still needs to be taken: human-driven remediation.
Healthcare data breaches still higher than pre-pandemic levels
The number of data breaches affecting healthcare providers declined in the second half of 2022, according to Critical Insight, consistent with a downward trend over the past two years.
Top GraphQL API security threats and how to counter them
Organizations looking to modernize their APIs are increasingly moving from REST architecture to the open-source data query and manipulation language GraphQL.
How advancing cyber education can help fill workforce gaps
In this Help Net Security video, José-Marie Griffiths, President of Dakota State University, explains that this deficiency is not just an inconvenience, but a major threat that compromises the security of organizations and puts their customers’ confidential information and risk at risk.
Complexity, scale of cyber attacks lead to burnout in security teams
According to Magnet Forensics, the rapid evolution of cybercrime is putting a significantly greater strain on security teams than last year, leading to widespread burnout and potential regulatory risk.
Are your IoT devices at risk? Cybersecurity Concerns for 2023
In this Help Net Security video, JR Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023.
Most ransomware-related vulnerabilities are old
Researchers identified 56 new vulnerabilities related to ransomware threats among a total of 344 threats identified in 2022 – representing a 19% increase over the previous year.
Insider threats must be a top priority for companies facing layoffs
In this video from Help Net Security, Nick Tausek, Lead Security Automation Architect at Swimlane, talks about how organizations need to prepare for insider threats amid the stress, anxiety, frustration and uncertainty of what lies ahead for these suddenly unemployed workers .
Resecurity warns of cyber attacks on data center service providers
Resecurity warns of the increase in malicious cyber activity targeting data center service providers worldwide.
What to expect at BSidesNYC 2023
In this video interview with Help Net Security, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event.
Infosec New Product of the Week: February 24, 2023
Here’s a look at the hottest products from the past week, including releases from CyberGRX, Lacework, Malwarebytes, Netography, Nudge Security, and Xcitium.
