Weekly recap: The future of Metasploit, lateral movement detection, new issue of (IN)SECURE magazine

Here’s a rundown of some of the most interesting news, articles, interviews and videos from the past week:

Beware of PLC and HMI password cracking software!
A threat actor targets industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMI), exploiting their urgent needs to turn industrial workstations into dangerous bots.

Vulnerabilities in popular GPS trackers could allow hackers to remotely stop cars
Six vulnerabilities in the MiCODUS MV720 GPS tracker, used by companies around the world to manage and protect vehicle fleets, could be exploited by attackers to remotely interrupt fuel consumption or bring vehicles to an abrupt halt.

Atlassian fixes critical bugs in Confluence, Jira, Bitbucket and other products, update quickly!
Atlassian has fixed three critical vulnerabilities and urges customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.

(IN)SECURE Magazine Issue 72 published: Free download
(IN)SECURE Magazine is a free digital security publication covering some of the hottest topics in information security. Issue 72 is out. It’s a free download, no registration required.

The rise and continued popularity of LinkedIn-related phishing
Phishing emails impersonating LinkedIn continue to account for the bulk of all branded phishing attempts; According to Check Point, 45% of all email phishing attempts in Q2 2022 mimicked the professional social media platform’s communication style with the aim of directing targets to a fake LinkedIn login page and harvesting their account credentials.

Microsoft adds a default protection against RDP brute force attacks
Brute force RDP access and malicious macros have long been two of the most popular tactics used by attackers to gain unauthorized access to Windows systems.

Removing the blind spots that allow lateral movement
In most security solutions today, there are critical blind spots that make lateral movement attacks nearly impossible to detect and prevent.

82% of insurers worldwide expect cyber insurance premiums to continue to rise
A Panaseer survey of global insurers in the UK and US found that 82% expect premiums to continue to rise, with 74% of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases.

The importance of strong passwords cannot be overstated
Cyber ​​criminals typically rely on weak passwords to break into online accounts of unsuspecting victims, often with dire consequences. But despite understanding the importance of strong passwords as a critical security best practice, for most users the ease of remembering few passwords and reusing them everywhere outweighs the increased security risk.

Losses from online payment fraud top $343 billion
According to Juniper Research, cumulative online payment fraud losses to merchants worldwide will exceed $343 billion between 2023 and 2027.

How kitemarks are nudging IoT regulation
The regulation of the Internet of Things (IoT) has always been a contentious issue. Those opposed claim that it stunts the growth of an emerging industry, while proponents argue that it sees the adoption of industry best practices and helps establish standards.

Industrial cybersecurity leaders are making significant strides
Increasing cyber threats and government policies have made cybersecurity a top priority for organizations with critical infrastructure.

How to prepare your organization for a Slack or Office 365 breach
In this video from Help Net Security, Ofer Maor, CTO at Mitiga, explains the key security considerations for organizations to prepare for and minimize the potential impact of a Slack or Office 365 breach.

Popular business web apps don’t enforce critical password requirements
Specops Software has released new research finding cybersecurity vulnerabilities in business web apps like Shopify, Zendesk, Trello, and Stack Overflow.

What NATO Cyber ​​Capability Means for Virtual Rapid Response to Combat Cyber ​​Warfare
In this Help Net Security video, Itay Bochner, Director of Malware Analysis Solutions, OPSWAT, talks about NATO’s virtual cyber responsiveness capability and what it means.

What threats and challenges are CISOs and CROs most focused on?
According to Tata Consultancy Services, cyber leaders may not adequately prioritize threats from vulnerabilities within the value chain beyond the immediate confines of their own organization.

How attackers use pentesting tools to launch attacks
In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, discusses how attackers’ favorite tools are legitimate tools used for malicious purposes.

The first formal review of a prototype Arm CCA firmware
As our personal data is increasingly used in many applications from advertising to finance to healthcare, the protection of sensitive information has become an essential feature of computer architectures.

Huntress acquires security awareness training platform Curricula for $22 million
Huntress, the managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In this Help Net Security video, Huntress CFO Marcos Torres talks about what this acquisition means for the future of the company.

60% of IT leaders lack confidence in their secure cloud access
According to a study by the Ponemon Institute, 60% of IT and security leaders lack confidence in their organization’s ability to provide secure cloud access, even as adoption continues to grow across a variety of cloud environments.

Why SBOMs aren’t the silver bullet they’re made out to be
In this Help Net Security video, Julie Klein, Director, Global Public Policy at Akamai Technologies, shares her perspective on SBOMs.

The past, present and future of Metasploit
In this video from Help Net Security, Spencer McIntyre, senior security researcher at Rapid7, talks about how Metasploit allows defenders to stay a step (or two) ahead of the game and offers a glimpse into the future.

AppViewX raises $20 million to help companies mitigate risk
In this Help Net Security video, Gregory Webb, CEO of AppViewX, talks about how the additional investment will help maximize AppViewX’s go-to-market.

Introducing the book: Managing the Dynamic Nature of Cyber ​​Security
In this Help Net Security video, he talks about how the book helps organizations define sound security strategies.

How organizations can implement a complete data strategy
In this video from Help Net Security, Bernard Brantley, CISO at Corelight, explains why organizations need to rethink their data strategy by challenging the assumption that they need to capture everything and determine its usage at the time of the incident.

How to identify and fight online fraud
In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, explains how organizations need to prepare for fraudulent BNPL activity.

Product showcase: Passwork – the best solution for working with company passwords
The aim of Passwork is to enable efficient and secure work processes through the automated management of passwords and company accounts.

Infosec New Product of the Week: July 22, 2022
Here’s a look at the hottest products from the past week, including releases from Cato Networks, CoSoSys, Darktrace, EnGenius, Orca Security, Persona, and Resecurity.

About Nina Snider

Check Also

Genuit Group plc (LON:GEN)’s dismal stock performance reflects weak fundamentals

Genuit Group (LON:GEN) had a tough three months, with its share price down 23%. To …