Week in Review: Revolut Data Breach, ManageEngine RCE Flaw, Free Linux Security Training Courses


Leaked images in development of GTA 6
US video game publisher Rockstar Games has suffered an unfortunate data leak: someone has posted in-development images/videos online for Grand Theft Auto (GTA) 6, the highly anticipated installment of the popular game.

Uber claims Lapsus$ gang is behind recent breach
Uber has confirmed that the recent breach of its systems began with a compromised account belonging to a contractor.

Python tarfile vulnerability affects 350,000 open source projects (CVE-2007-4559)
The Trellix Advanced Research Center has published its research on CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open source projects and widespread in open source projects.

Revolut data breach: more than 50,000 users affected
Revolut, the fintech company behind the popular banking app of the same name, suffered a data breach, which was followed by phishing attacks aimed at taking advantage of the situation.

US awards $1 billion to state, local and territorial governments to improve cyber resilience
The U.S. government will provide $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and build cyber resilience in the face of persistent cyberthreats .

The 25 most popular programming languages ​​and trends
CircleCI released the 2022 State of Software Delivery Report, which examines two years of data from more than a quarter of a billion workflows and nearly 50,000 organizations around the world, and provides information to engineering teams to understand how they can be more successful.

ManageEngine RCE critical flaw is exploited (CVE-2022-35405)
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its catalog of known exploited vulnerabilities (KEV).

Securing the front of your Apple device with unified endpoint management
Apple has always touted the security and privacy capabilities of its devices. Being responsible for both the hardware and the associated operating system has allowed Apple to create a closed approach to protecting users against some common attacks.

3 Free Linux Security Training Courses You Can Take Right Now
Learning to navigate and interact effectively with Linux can be an important part of your cybersecurity learning journey.

Deploy cybersecurity where people and data meet
Many data breaches occur within the enterprise, either explicitly by employees or by threats that have infiltrated the network.

What You Need To Know About Evil-Colon Attacks
While new attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface.

Mitigating the cybersecurity crisis for the upcoming school year
As students return to the classroom, K-12 district leaders face the difficult task of preventing and mitigating cybersecurity threats against their districts.

High Severity Vulnerabilities Found in Harbor’s Open Source Artifact Registry
Oxeye security researchers have discovered several new high-severity variants of Insecure Director Object Reference (IDOR) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE -2022-31667) in the Harbor project, a graduate of the CNCF, VMware’s famous open-source artifact registry.

The impact of location-based fraud
In this Help Net Security video, André Ferraz, CEO of Incognia, talks about the impact of location-based fraud, which is more prevalent than you might imagine, and affects different industries in different ways.

The resurgence of attacks against critical infrastructure
In this Help Net Security video, Fleming Shi, CTO at Barracuda Networks, talks about the rise of critical infrastructure attacks and how organizations are responding to them.

Use of open source software slows for fear of vulnerabilities, exposures or risks
Anaconda has released its 2022 annual State of Data Science report, revealing widespread trends, opportunities, and perceived barriers facing the data science, machine learning (ML) and computing industries. artificial intelligence (AI).

Is $15.6 billion enough to protect critical infrastructure?
In this Help Net Security video, Jeffrey J. Engle, president and president of Conquest Cyber, explains why increased spending is necessary and whether it’s enough to protect critical infrastructure.

Agent-Based vs. Agentless Security: Advantages and Disadvantages
In this Help Net Security video, Mark Nunnikhoven, Distinguished Cloud Strategist at Lacework, discusses agent-based and agentless approaches to security.

What do SOC analysts need to be successful?
Gurucul announced results from a 2022 Black Hat USA Security Professional Survey of respondents indicating that insider threats were the most difficult type of attack for SOC analysts to detect, and that the analysis Behavioral was the most common technology they lacked and which they planned to add to the SOC in the near future.

The best ways to protect crypto assets
In this Help Net Security video, Nick Percoco, Chief Security Officer at Kraken, explains why it’s important for crypto holders to view personal security as an ongoing, holistic process, and offers advice on how to protect crypto assets. .

The explosion of data exceeds the human capacity to manage
Dynatrace announced the results of an independent global survey of 1,303 CIOs and senior cloud and IT operations managers at large organizations, showing that as the move to cloud-native architectures accelerates, the data generated by such environments exceed the ability of current solutions to produce meaningful analytics.

Email Threats: A Problem for Organizations
In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and, more generally, the threat that email threats and phishing pose to organizations.

How to Secure Public Cloud Data
In this Help Net Security video, Amit Shaked, CEO of Laminar, discusses blind spots in public cloud data security and offers advice for organizations to raise their level of security.

4 key points from the webinar “XDR is the ideal solution for SMBs”
Cyberattacks against large organizations are making headlines. So, you might be surprised to learn that small and medium-sized businesses (SMBs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk first hand.

New infosec products of the week: September 23, 2022
Here’s a look at some of the hottest products from the past week, with releases from 42Crunch, Cloudflare, Code42, Commvault, and Onfido.

Source link