Week in Review: Spot Deepfaked Job Applicants, Data Exfiltration via Bookmarks, Patch Tuesday Predictions

Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:

Browser synchronization abuse: bookmarks as a conduit for secret data exfiltration
Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make life easier for users, but can also allow hackers to establish a secret channel of data exfiltration.

Ransomware gangs face obstacles, but don’t stop (yet)
Ransomware attacks are on the decline, according to reports from several cybersecurity companies. Why is that?

Preventing cyberattacks pays off, so why aren’t companies investing to protect themselves?
In this Help Net Security interview, former Pentagon Chief Strategy Officer Jonathan Reiber, Vice President of Cybersecurity Strategy and Policy at AttackIQ, offers insight for CISOs – from boardroom discussion to appropriate budget allocation.

August 2022 Patch Tuesday Predictions: Printers Again?
Ahead of next week we have a server end of life and even more updates that may impact printers.

How to minimize your exposure to supply chain attacks
Supply chain attacks are on the rise and many organizations seem unsure how to respond to the threat. Here are several steps you can take to minimize your risk of being involved in a supply chain breach.

The most impersonated brand in phishing attacks? Microsoft
Vade has announced its H1 2022 Phishers’ Favorites report, a ranking of the 25 most impersonated brands in phishing attacks.

6 Ways Your Cloud Data Security Policies Are Slowing Innovation — and How to Avoid It
As virtually every organization moves from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are being created to secure that data in a cloud environment. With more and more data migrating to the cloud, these policies must adapt to a wide range of data stores, locations, uses, and environments.

Phishers use custom phishing kit to hijack MFA-protected corporate Microsoft accounts
An ongoing large-scale phishing campaign targets owners of business email accounts at companies in the fintech, lending, insurance, energy and manufacturing sectors in the US, UK, New Zealand and Australia.

VMware: Fix this critical vulnerability immediately! (CVE-2022-31656)
The security researcher who reported CVE-2022-31656 plans to release a technical description and POC “soon.”

Organizations have grown to love Kubernetes: production usage is high
Kubernetes delivers business value and is poised to gain an increasing share of production workloads, with nearly all respondents to a Dimensional Research study saying they plan to scale and diversify their Kubernetes infrastructures in some way or another in the coming year.

‘ParseThru’ Vulnerability Allows Unauthorized Access to Cloud-Native Applications
A new vulnerability found in GoLang-based applications allows a malicious actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications.

Burnout and attrition impact technical teams supporting modern digital systems
Across all industries, 54% of speakers are interrupted outside of normal working hours.

How to Spot Deepfaked Candidates in Interviews
The FBI recently issued a warning that malicious attackers are using deepfakes to apply for various remote jobs via virtual interviews over the internet. In this Help Net Security video, Sanjay Gupta, SVP and Managing Director of Mitek Systems, explains how combating this threat will require a multi-layered approach from HR and recruiting teams in addition to IT.

Astute Risk Leadership: Turning Intelligence into Actionable Controls
In this Help Net Security video, John deCraen, Associate Managing Director at Kroll, talks about leveraging threat intelligence to inform actionable controls.

MI-X: Open source project helps you understand if you are exploitable
In this Help Net Security video, Ofri Ouzan, Security Researcher at Rezilion, talks about MI-X (am I exploitable?), an open source tool aimed at efficiently determining whether a localhost or running container image is really vulnerable to a specific target vulnerability, taking into account all factors that affect actual exploitability.

Phishing campaign targets Coinbase wallet holders to steal cryptocurrency in real time
In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multi-layered phishing campaign targeting cryptocurrency exchange Coinbase.

How AI and cybersecurity complement each other
In this Help Net Security video, Taylor Hersom, CEO of Eden Data, explains why we need AI and how it helps minimize human error, as well as cybersecurity threats such as ransomware.

Now is the time to focus on software supply chain security improvements
In this Help Net Security video, Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, explains how CIOs are increasingly concerned about severe business disruptions, loss of revenue, data theft and damage to customers that can result from successful software supply chain attacks.

Machine learning creates a new attack surface requiring specialized defenses
In this interview for Help Net Security, Christopher Sestito, CEO of HiddenLayer, talks about machine learning security considerations and related threats that organizations should be concerned about.

eBook: Privileged Access Management for Dummies
This free 24-page book gives you a practical understanding of privileged access management and its security implications.

Test your security setup with a free assessment tool from CIS
CIS-CAT Lite is the free assessment tool developed by the Center for Internet Security (CIS), which helps users implement secure configurations for multiple technologies. With unlimited analyses available through CIS-CAT Lite, your organization can download and begin implementing CIS Benchmarks in minutes.

SimpleRisk: Simplified Enterprise Risk Management
In this Help Net Security video, CEO/CISO Josh Sokol introduces SimpleRisk, a fully integrated GRC platform that can be used for all your governance, risk management, and compliance needs.

New infosec products of the week: August 5, 2022
Here’s a look at some of the hottest products from the past week, with releases from Claroty, Fortinet, Qualys, Scrut Automation, Sony, and VIPRE Security.
