Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Integrating cybersecurity into vehicle design and manufacturing
In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, primarily focusing on electric and connected vehicles.

The future of cybersecurity: Anticipating changes with data analytics and automation
In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats.

Rise in cyberwarfare tactics fueled by geopolitical tensions
In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.

SiCat: Open-source exploit finder
SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases.

Fabric: Open-source framework for augmenting humans using AI
Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges.

Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, thanks to an implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor.

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild.

Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that was fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild.

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)
QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices.

Protecting against AI-enhanced email threats
Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals.

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog.

Corporate users getting tricked into downloading AnyDesk
Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns.

How are state-sponsored threat actors leveraging AI?
Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations.

Battery maker Varta halts production after cyberattack
German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack.

We can’t risk losing staff to alert fatigue
When critical cybersecurity information is buried in inconsequential noise, the results can be dire. Cybersecurity teams need to prioritize their resources and focus on the areas where they’re at the most risk.

Hacking the flow: The consequences of compromised water systems
In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized.

5 free digital forensics tools to boost your investigations
Many cutting-edge digital forensics tools are on the market, but for those who cannot afford them, here’s a list of great free solutions to get you started.

AI outsourcing: A strategic guide to managing third-party risks
In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge.

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity
In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness.

Ransomware tactics evolve, become scrappier
As we enter 2024, ransomware remains the most significant cyberthreat facing businesses, according to Malwarebytes.

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge
The decision by Gmail and Yahoo to implement DMARC protocols may stir frustration among businesses, especially smaller ones with limited cybersecurity resources.

Take control of personal data
In this Help Net Security video, James Dyer, Threat Intelligence Lead at Egress, talks about how we can better protect ourselves from being victims of cybercrime.

QR code attacks target organizations in ways they least expect
QR code attacks, or “quishing” attacks, have emerged as a popular tactic among cybercriminals, with no signs of slowing down, according to Abnormal Security.

Collaboration at the core: The interconnectivity of ITOps and security
In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats.

Product showcase: SearchInform Risk Monitor – next-gen DLP based insider threat mitigation platform
Basically, DLP systems are aimed at prevention of data leaks, and in real-life mode they monitor and block (if required) transmitting of confidential data. However, the traditional approach to DLP systems isn’t sufficient. That’s why SearchInform offers the next-gen platform for internal threat mitigation – Risk Monitor (hereinafter RM).

New infosec products of the week: February 16, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Center for Internet Security, Cyberhaven, LOKKER, Sumsub, and CompliancePro Solutions.
