Week in Review: Kali Linux Climbs Linode, Facial Recognition Defeated, Log4j Mining

Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:

Respond to threats and prevent the loss of sensitive data
Recently, Normalyze, a data-driven cloud security platform, sneaked out with $22.2 million in Series A funding. It was the perfect time to meet co-founder and CEO Amer Deeba. In this interview with Help Net Security, he discusses the path to data security as well as the challenges of visibility.

Who are the best fraud fighters?
Seasoned fraud expert PJ Rohall recently became the new Head of Fraud Strategy and Education at SEON. In this Help Net Security interview, he explains how he got into the industry, the changing fraud landscape, and offers advice for other fraud fighters.

Linode + Kali Linux: additional security for cloud instances
Kali Linux, the popular open-source Linux distribution specializing in penetration testing, ethical hacking and security auditing, is now available for use by Linode customers.

Researchers destroy facial recognition systems with a universal face mask
Can attackers create a face mask that would defeat modern facial recognition systems? A group of researchers from Ben-Gurion University of the Negev and Tel Aviv University have proven that it is possible.

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and brought fixes for 84 CVEs in various Microsoft products, including one actively exploited zero-day: CVE-2022-22047, a privilege elevation bug in the subsystem client/server runtime (CSRSS) of Windows. .

Phishers steal session cookies from Office 365 users to circumvent MFA and commit payment fraud
Massive phishing campaign targets Office 365 (i.e. Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypasses multi-factor authentication (MFA) put in place to protect accounts .

PayPal-Themed Phishing Kit Enables Complete Identity Theft
Sometimes phishers are right after your username and password, but other times they’re after every bit of sensitive information they can extract from you. To do this, they use tools like the phishing kit recently analyzed by Akamai researchers.

How to face the permanent risk of exploitation of Log4j and prepare for the future
“Vulnerable instances of Log4j will remain in systems for many years, possibly a decade or more,” concluded the Cyber ​​Safety Review Board (CSRB).

Are your site’s tracking technologies breaking the law?
Two irresistible but contradictory forces are creating a real risk for companies that operate on the web, that is, all companies that exist in 2022. These forces are tracking technologies and data privacy regulations.

BlackCat (aka ALPHV) Ransomware Raises Stakes to $2.5M in Requests
Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demands by the notorious Blackcat ransomware gang.

The enemy of vulnerability management? Unrealistic expectations
Organizations vary by size, industry, and level of maturity, but they all have in common the need to know how to remediate security vulnerabilities quickly.

Almost all government websites use third-party cookies or trackers
In some countries, up to 90% of government websites add third-party tracking cookies without users’ consent.

The weaponization of smartphone location data on the battlefield
For soldiers on the battlefield, turning on their smartphone has been described as the digital equivalent of lighting a cigarette, as it creates a signal about their location that can be picked up by the enemy.

Conventional approaches to cybersecurity fall short
According to Skybox Security, traditional security approaches that rely on reactive, detection and response measures and tedious manual processes cannot keep pace with the volume, variety and speed of today’s threats.

The Future of SOCs: Automation Where It Matters
Sophisticated attacks, remote working needs and rapidly changing technologies are forcing companies to manage IT security while controlling costs and using overburdened staff.

Q-Day: The Legacy Public Key Encryption Problem
In power circles where politics and technology collide, there always seems to be someone with their “hair on fire” on some issue or another, and it can be hard to tell the difference between serious business, hype and political theatre.

7 steps to transition your organization to a Zero Trust architecture
In this Help Net Security video, John Grancarich, Executive Vice President of Product Strategy and Growth at HelpSystems, explains how the biggest cybersecurity threat today is not the next attack, but rather trust. implicit that organizations grant to access their critical resources.

The Impact of DNS Attacks on Global Organizations
In this Help Net Security video, Chris Buijs, Chief Evangelist at EfficientIP, talks about the importance of integrating DNS into an organization’s security strategy.

An overview of the bring your own browser (BYOB) approach
In this Help Net Security video, Dor Zvi, CEO of Red Access, explains how security teams need a new browser-agnostic approach to bring your own browser (BYOB) to work.

How to Develop Successful Incident Response Plans
In this Help Net Security video, Neal Bridges, CISO at Query.AI, talks about the rules organizations need to think about if they are to develop effective incident response (IR) plans.

Best Practices for Cyber ​​Resilience
In this Help Net Security video, Robin Berthier, CEO of Network Perception, talks about cyber resilience strategy.

How attackers abuse Quickbooks to send fraudulent emails over the phone
In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, explains how this time attackers impersonated reputable retail brands such as Amazon, Apple and Paypal , to send legitimate notifications from QuickBooks, an accounting software package. used primarily by small and medium-sized businesses that lack in-house finance and accounting expertise.

The proliferation of financial mules and how behavioral biometrics can combat this form of fraud
In this Help Net Security video, Erin Englund, Head of Threat Analytics at BioCatch, explains what financial mules are, why they’re becoming so prevalent, and how we can defend against them.

Product showcase: ImmuniWeb Neuron, DAST with zero false positive SLA
ImmuniWeb, a global application security company with more than 1,000 customers in over 50 countries, unveils ImmuniWeb Neuron, purpose-built to solve both problems simply, effectively and efficiently.

New infosec products of the week: July 15, 2022
Here’s a look at some of the hottest products from the past week, with releases from Deloitte, Flashpoint, CertiK, CyberArk, and N-able.

Comments are closed.